F21 System Wide Change: The securetty file is empty by default
ppisar at redhat.com
Mon Apr 14 06:44:39 UTC 2014
On 2014-04-11, Jaroslav Reznik <jreznik at redhat.com> wrote:
>= Proposed System Wide Change: The securetty file is empty by default =
> Disabling root access via any console device (tty).
This is silly. If a system has been broken very badly, then one goes to
the machine and fix if from the local TTY.
With local access, there is no way how to prevent from rooting the
machine. (Let's forget on TPM-guarded or on-line-audited systems now.)
So preventing from logging as root on Linux virtual terminal is
Hiding a root access behind two passwords does not bring any better
security than using one strong root password.
You are making simple things over-complicated.
More information about the devel