Re: root login

From: Bill Campbell (bill_at_celestial.com)
Date: 05/31/03 

Date: Sat, 31 May 2003 01:41:03 GMT
To: Sco Mailing List <scomsc@xenitec.on.ca>

On Sat, May 31, 2003 at 01:25:02AM +0000, Denise Zierke wrote:
>Is there anyway of stopping the root login altogether. Not the parameter
>setting in /etc/default/login at lets you
>point is some where specific... ie /dev/console
>
>I'm coming from Unisys SVR4 1.4 and in /etc/default/login there is a
>parameter to stop it ROOTLOGIN=NO/YES
>
>Is there a thing to turn it all way off... root login that is

There are several ways you could do this, but it would be a bit like
welding the hood of your car shut. You can use the /etc/securetty file to
restrict root logins to the console or specified ports.

Apple doesn't allow root logins on OS X by default, and expects people in
the admin group to use ``sudo'' to execute root commands. They do this by
not specifying a valid password for root so root logins don't work (the
first command I run on my OS X systems is ``sudo passwd root'' to create a
root login permitting me to login as root :-). Another option would be to
have a non-working password for root, permitting access only using secure
shell with authorization via the ~root/.ssh/authorized_keys file.

Bill 

--
INTERNET:   bill@Celestial.COM  Bill Campbell; Celestial Software LLC
UUCP:               camco!bill  PO Box 820; 6641 E. Mercer Way
FAX:            (206) 232-9186  Mercer Island, WA 98040-0820; (206) 236-1676
URL: http://www.celestial.com/
``Virtually everything is under federal control nowadays except the
federal budget.''
    -- Herman E. Talmadge, 1975