como@max.bnl.gov (Andrew T. Como) (12/08/90)
IBM6000: aix 3.001 A while back someone had mentioned in order to restrict root logins just change the valid ttys to the console device and sure enough this will work. #1 Question: does this valid tty change also restrict "su - root" to that device. #2 Question: I cannot get the syslog daemon to put the "su to root" entries anywhere. Does this work on aix? Normally it's "auth or auth.notice" entry in the conf file. Has anyone been able to get this to work. Andrew Como INTERNET: como@bnl.gov BITNET: como@bnlux0.BITNET UUCP: ...philabs!sbcs!bnl!como or bnlux0!como@uunet.uu.net
jfh@rpp386.cactus.org (John F Haugh II) (12/10/90)
In article <2356@bnlux0.bnl.gov> como@max.bnl.gov (Andrew T. Como) writes: >#1 Question: does this valid tty change also restrict "su - root" > to that device. No, the checks only apply to login time. There are ways to restrict someone from su-ing to your account, but not on the basis of TTY name. If you are really interested in restricting someone on the basis of arbitrary criteria, please look into the "auth1" and "auth2" attributes. It is possible to define special processing on a per-user basis using those fields. >#2 Question: I cannot get the syslog daemon to put the "su to root" > entries anywhere. Does this work on aix? AIX is more "System V"-like than "BSD"-like. The AT&T "su" doesn't perform syslogging, and neither (so far as I've ever seen ...) does AIX. Sad to say, but it also doesn't create records in /usr/adm/sulog ... -- John F. Haugh II UUCP: ...!cs.utexas.edu!rpp386!jfh Ma Bell: (512) 832-8832 Domain: jfh@rpp386.cactus.org