# # How can I prevent root logins over telnet? (SCO Unix)
APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed

Unix, Xenix and ODT General FAQ

I've removed advertising from most of this site and will eventually clean up the few pages where it remains.

While not terribly expensive to maintain, this does cost me something. If I don't get enough donations to cover that expense, I will be shutting the site down in early 2020.

If you found something useful today, please consider a small donation.



Some material is very old and may be incorrect today

© December 2003 (various)

This article is from a FAQ concerning SCO operating systems. While some of the information may be applicable to any OS, or any Unix or Linux OS, it may be specific to SCO Xenix, Open This is an old article about SCO Unix and is only left here for historical purposes. There is lots of Linux, Mac OS X and general Unix info elsewhere on this site: Search this site is the best way to find anything.

How can I prevent root logins over telnet (Old Sco Unix)?

This is SCO specific

First, you can limit root logins to a specific device by adding an entry to /etc/default/login:

 CONSOLE=/dev/tty01
 

restricts root to the ALT-F1 multiscreen only. Unfortunately, there doesn't seem to be any way to add more than one device with CONSOLE, so that locks root out of tty02 and all the rest.

Less secure, but still useful, is to test within /etc/profile to boot root out of any but the multiscreens. Code to do that might look like:


 IAM=`who am i | cut -d" " -f1`
 TTY=`tty`
 if [ $IAM = "root" ]
 then
  case $TTY in
   /dev/tty[0-1][0-9]) : ;;
   *) exit 0;;
   esac
 fi
 

But this simplistic approach can cause problems with single user mode login. To avoid that, you need something that uses "who -r" to test the run-level and avoid the other tests if it isn't multiuser.

The 5.0.6 release adds a REMOTE_ROOT_OK keyword that can be used in /etc/default/login that *will* allow network access while when CONSOLE is set! See "man login" (5.0.6).


If you found something useful today, please consider a small donation.



Got something to add? Send me email.





(OLDER)    <- More Stuff -> (NEWER)    (NEWEST)   

Printer Friendly Version

->
-> How can I prevent root logins over telnet? (SCO Unix)


Inexpensive and informative Apple related e-books:

Take Control of Numbers

Take Control of Parallels Desktop 12

Sierra: A Take Control Crash Course

Take Control of Preview

iOS 10: A Take Control Crash Course






Printer Friendly Version

Have you tried Searching this site?

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more.

Contact us


Printer Friendly Version





The computer is a moron. (Peter Drucker)




Linux posts

Troubleshooting posts


This post tagged:

FAQ



Unix/Linux Consultants

Skills Tests

Unix/Linux Book Reviews

My Unix/Linux Troubleshooting Book

This site runs on Linode