On Wed, Jul 09, 2003 at 01:14:06PM -0400, Charley wrote:
> I would like to restrict user login based on the terminal where the login
> request originates. Ideally, I want Root, and ONLY Root, to be able to log
> in at the console. The system is already running SSHD, so I want to be able

That's more than possible. Take a look at /etc/login.access and
/etc/login.conf. In login.access a simple:

    -:ALL EXCEPT root # taken from the examples near the end (which actually use groups)

should do the trick.

> to check logins via SSH. Root should not be allowed to log in from a remote

That's all defined in your sshd config (by default root cannot log in via
sshd). If you're really paranoid, the second example in login.access:

    -:root:ALL EXCEPT LOCAL # instead of considering root, the ``wheel'' group might be better.

> terminal and SU should be disabled for any remote terminal. Is there

By default, only members of the wheel group can su to root.

> something in the ports collection that I've missed that will do this? Maybe
> I'm just blind and haven't yet seen something like this in the manual.

Well, I don't know exactly what you want to do... but ``su'' is setuid root,
so you could unset that and use the ``sudo'' command. Take a look at
security/sudo in the ports collection. That'd be quite contrived though.

Best wishes,
-lewiz.

P.S. Some of my examples might not work -- I didn't test them and I'm
shocking for getting things to work first time.

-- 
"Why was I born with such contemporaries?" -- Oscar Wilde
------------------------------------------------------------------------
-| msn:[EMAIL PROTECTED] | jab:[EMAIL PROTECTED] | url:http://lewiz.net |-
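
An added example, not part of the original message: a simplified Python model of how login.access rules in the permission:users:origins format are evaluated, where the first matching line decides and no match means the login is allowed. The rules are constructed three-field versions of the two ideas in the reply; the origin name "console", the sample users and hosts, and the skipping of malformed lines are assumptions of this model, and group and netgroup matching are left out.

```python
# Simplified model of login.access evaluation (added example, not system code).
# Constructed rules; the origin name "console" is an assumption, so check
# which tty names your own system reports for console logins.
RULES = """\
# permission:users:origins
-:ALL EXCEPT root:console
-:root:ALL EXCEPT LOCAL
"""

def _tok_match(tok, item, is_origin):
    if tok == "ALL" or tok.lower() == item.lower():
        return True
    # LOCAL matches any origin without a dot (a tty or unqualified host name)
    return is_origin and tok == "LOCAL" and "." not in item

def _list_match(tokens, item, is_origin):
    """Match item against 'a b EXCEPT c ...'; EXCEPT subtracts what follows."""
    if "EXCEPT" in tokens:
        i = tokens.index("EXCEPT")
        head, rest = tokens[:i], tokens[i + 1:]
    else:
        head, rest = tokens, None
    if not any(_tok_match(t, item, is_origin) for t in head):
        return False
    return rest is None or not _list_match(rest, item, is_origin)

def login_allowed(rules, user, origin):
    """Return True if this model would let `user` log in from `origin`."""
    for line in rules.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) != 3 or fields[0] not in ("+", "-"):
            continue  # assumption: a malformed line is skipped, not enforced
        perm, users, origins = fields
        if (_list_match(origins.split(), origin, True)
                and _list_match(users.split(), user, False)):
            return perm == "+"  # the first matching line decides
    return True  # no line matched: the login is allowed

if __name__ == "__main__":
    for user, origin in [("root", "console"), ("charley", "console"),
                         ("root", "host.example.org"),
                         ("charley", "host.example.org")]:
        print(user, origin, login_allowed(RULES, user, origin))
```

In this model a rule with fewer than three fields denies nothing, so it is worth testing each rule with a non-root account before relying on it.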