root logins & syslog

Post by Andrew T. Co » Sun, 09 Dec 1990 07:55:39



 IBM6000: aix 3.001

A while back someone had mentioned that in order to restrict root logins,
you just change the valid ttys to the console device, and sure enough
this will work.

#1 Question:  does this valid tty change also restrict "su - root"
                to that device?

#2 Question:  I cannot get the syslog daemon to put the "su to root"
                entries anywhere.  Does this work on AIX?

                Normally it's an "auth" or "auth.notice" entry
                in the conf file.  Has anyone been able to get this
                to work?


                             UUCP:     ...philabs!sbcs!bnl!como

 
 
 

Post by John F Haugh » Tue, 11 Dec 1990 05:48:32



> #1 Question:  does this valid tty change also restrict "su - root"
>            to that device.

No, the checks only apply to login time.  There are ways to restrict
someone from su-ing to your account, but not on the basis of TTY name.

If you are really interested in restricting someone on the basis of
arbitrary criteria, please look into the "auth1" and "auth2" attributes.
It is possible to define special processing on a per-user basis using
those fields.

> #2 Question:  I cannot get the syslog daemon to put the "su to root"
>            entries anywhere.  Does this work on aix?

AIX is more "System V"-like than "BSD"-like.  The AT&T "su" doesn't
perform syslogging, and neither (so far as I've ever seen ...) does
AIX.  Sad to say, but it also doesn't create records in /usr/adm/sulog ...
--
John F. Haugh II                             UUCP: ...!cs.utexas.edu!rpp386!jfh