locking root to a machine

Bryn M. Reeves bmr at redhat.com
Tue Oct 11 13:51:56 UTC 2011

On 10/09/2011 05:12 PM, Beartooth wrote:
> 	A regular on a private list I follow has written :
>      [...] therein lies the beauty of the newer flavors of *nix.  You
>     can lock root (and SU) access to physical machines ONLY, and
>     even lock it down to specific logins ONLY on specific machines.
> 	How would Fedora do that?

There's the pam_securetty module that filters root logins to a set of 
"secure" ttys listed in /etc/securetty. You can use that as a required 
pam module in the system authentication configuration to restrict root 
logins to physical terminals.


More information about the users mailing list