locking root to a machine
Bryn M. Reeves
bmr at redhat.com
Tue Oct 11 13:51:56 UTC 2011
On 10/09/2011 05:12 PM, Beartooth wrote:
> A regular on a private list I follow has written :
> [...] therein lies the beauty of the newer flavors of *nix. You
> can lock root (and SU) access to physical machines ONLY, and
> even lock it down to specific logins ONLY on specific machines.
> How would Fedora do that?
There's the pam_securetty module that filters root logins to a set of
"secure" ttys listed in /etc/securetty. You can use that as a required
pam module in the system authentication configuration to restrict root
logins to physical terminals.
More information about the users