> > Hi Guy,
> > just change "CONSOLE=/dev/console" to "CONSOLE=" in
> > /etc/default/login. Afterwards you have to login with a "normal"
> > Account, then su - root. Direct logins as root will get "Not on
> > system console".
> I checked my /etc/default/login and found the following:
> # If CONSOLE is set, root can only login on that device.
> # Comment this line out to allow remote login by root.
> #
> CONSOLE=/dev/console
> My system does not allow remote logins but only su - from another user.
Makes sense.
The CONSOLE={wherever} statement in /etc/default login means
"if root tries to log in, only let them do so if they are on the device
identified as {wherever}".
By default you'd specify CONSOLE=/dev/console (meaning "if root tries to
log in, only let them log in if they are on /dev/console").
If you follow this argument further, Thomas' suggestion says
CONSOLE=
which means (essentially) "if root tries to log in, only let them log in
if the device they are trying to log in on doesn't have a name". As a
device will *always* have a name (whether it be /dev/console or
/dev/pts/5, or whatever) root can never log in directly with this
setting (and will always have to log in as a non UID 0 user and use su).
The same applies to settings like CONSOLE=/dev/null (root's login device
will never be /dev/null !).
Personally I wouldn't recommend it.
If the CONSOLE statement doesn't appear in /etc/default/login at all (or
is commented out - same thing) then the system doesn't care which login
device root is trying to use.
Hope this makes sense!
--
Tony
My opinions may not coincide with those of Sun Microsystems at all times