F21 System Wide Change: The securetty file is empty by default

Petr Pisar ppisar at redhat.com
Mon Apr 14 06:44:39 UTC 2014


On 2014-04-11, Jaroslav Reznik <jreznik at redhat.com> wrote:
>= Proposed System Wide Change:  The securetty file is empty by default = 
> https://fedoraproject.org/wiki/Changes/securetty_file_is_empty_by_default
>
[...]
> Disabling root access via any console device (tty). 
>
This is silly. If a system has been broken very badly, then one goes to
the machine and fix if from the local TTY.

With local access, there is no way how to prevent from rooting the
machine. (Let's forget on TPM-guarded or on-line-audited systems now.)
So preventing from logging as root on Linux virtual terminal is
pointless.

Hiding a root access behind two passwords does not bring any better
security than using one strong root password.

You are making simple things over-complicated.

-- Petr



More information about the devel mailing list