Unix, Xenix and ODT General FAQ

This article is from a FAQ concerning SCO operating systems. While some of the information may be applicable to any OS, or any Unix or Linux OS, it may be specific to SCO Xenix, Open This is an old article about SCO Unix and is only left here for historical purposes. There is lots of Linux, Mac OS X and general Unix info elsewhere on this site: Search this site is the best way to find anything.

How can I prevent root logins over telnet (Old Sco Unix)?

This is SCO specific

First, you can limit root logins to a specific device by adding an entry to /etc/default/login:

 CONSOLE=/dev/tty01

restricts root to the ALT-F1 multiscreen only. Unfortunately, there doesn't seem to be any way to add more than one device with CONSOLE, so that locks root out of tty02 and all the rest.

Less secure, but still useful, is to test within /etc/profile to boot root out of any but the multiscreens. Code to do that might look like:


 IAM=`who am i | cut -d" " -f1`
 TTY=`tty`
 if [ $IAM = "root" ]
 then
  case $TTY in
   /dev/tty[0-1][0-9]) : ;;
   *) exit 0;;
   esac
 fi

But this simplistic approach can cause problems with single user mode login. To avoid that, you need something that uses "who -r" to test the run-level and avoid the other tests if it isn't multiuser.

The 5.0.6 release adds a REMOTE_ROOT_OK keyword that can be used in /etc/default/login that *will* allow network access while when CONSOLE is set! See "man login" (5.0.6).



Got something to add? Send me email.





(OLDER) <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

->
-> How can I prevent root logins over telnet? (SCO Unix)



Increase ad revenue 50-250% with Ezoic

Kerio Samepage

Have you tried Searching this site?

Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us