phil@RICE.ARPA (William LeFebvre) (02/21/85)
> here's down!/.profile, written by pat parseghian, bowdlerized by me:
>
> trap exit 1 2 3 15
> if [ "`tty`" != "/dev/console" ]
> then
>     echo "root must log in on the console"
>     exit 1
> fi
> trap 1 2 3 15
>
> there is probably a narrow window of vulnerability here.

Don't know about Bell systems, but this functionality is already built in to Berkeley's login.c. It checks a file called /etc/securetty whenever root logs in. It will only allow root logins on the ttys listed in that file. If the file doesn't exist, then it will let root login anywhere. About the only thing you can't do with this mechanism is print an informative message (like "root must log in on the console"), but I don't think that's all that big a loss. There is also no "window of vulnerability" in this scheme.

This is documented (although rather briefly) on the manual page for login(1).

William LeFebvre
Department of Computer Science
Rice University
<phil@Rice.arpa>
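The check described in the post above, sketched as an added example; it is not part of the original post and is not Berkeley's login.c source. The function name, the `missing_file_allows` switch, the one-name-per-line file format and the denial on open errors other than a missing file are assumptions of this example.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/*
 * Return 1 if root may log in on `tty`, 0 otherwise.
 * path: list of permitted ttys (assumed format: one name per line, no "/dev/").
 * missing_file_allows: 1 = behaviour described in the post (no file means root
 * may log in anywhere); 0 = fail-closed variant (no file means nowhere).
 */
int root_tty_allowed(const char *path, const char *tty, int missing_file_allows)
{
    char line[256];
    int allowed = 0;
    FILE *fp;

    /* Accept the full device path that tty(1) prints as well as the bare name. */
    if (strncmp(tty, "/dev/", 5) == 0)
        tty += 5;

    fp = fopen(path, "r");
    if (fp == NULL) {
        /* Only a genuinely absent file takes the "allow anywhere" path;
         * any other open error is denied (a choice made in this example). */
        return (errno == ENOENT) ? missing_file_allows : 0;
    }

    while (fgets(line, sizeof line, fp) != NULL) {
        line[strcspn(line, "\r\n")] = '\0';   /* strip the line ending */
        if (line[0] != '\0' && strcmp(line, tty) == 0) {
            allowed = 1;                       /* exact match only, no prefixes */
            break;
        }
    }
    fclose(fp);
    return allowed;
}

int main(int argc, char **argv)
{
    /* Usage: prog <securetty-file> <tty>; exit status 0 means root is allowed. */
    if (argc != 3) {
        fprintf(stderr, "usage: %s securetty-file tty\n", argv[0]);
        return 2;
    }
    return root_tty_allowed(argv[1], argv[2], 1) ? 0 : 1;
}
```

Because the decision is made before a shell is ever started, there is no interval in which a signal could interrupt the test, unlike the `.profile` approach quoted above.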