My thanks go to:
fabrice@sj.ate.slb.com (Fabrice Le Metayer)
Seth Robertson <seth@ctr.columbia.edu>
cameron@cs.adelaide.edu.au (Cameron Humphries)
Gerhard.Holzer@rcvie.co.at (Gerhard Holzer)
per@erix.ericsson.se (Per Hedeland)
Brent Alan Wiese <brent@crick.ssctr.bcm.tmc.edu>
eckhard@ikarus.ts.go.dlr.de (Eckhard Rueggeberg)
havia@cc.helsinki.fi (Jyrki Havia)
randy@ncbi.nlm.nih.gov (Rand S. Huntzinger)
(and possibly others).
The quick solution is to put this in /usr/lib/X11/xdm/Xsession:
# Make sure root can't log in.
if [ "$USER" = "root" ]; then
exit 0
fi
which does the trick, but doesn't fill out a few other small holes.
Seth Robertson mentioned setting the DisplayManager*startup resource
to a script that's run as root that can do a similar test, among other
things (like check that the user's shell is in /etc/shells). He uses
a script called Xstartup that looks for /etc/nologin and performs wtmp
accounting. The stuff's on ftp.ctr.columbia.edu in the directory
Xkernel, named xdm.R5.test-config.shar. I'm going to use this method
when I have a few minutes free to sit down & set it up. (For the time
being I've gone with the quick fix.)
-- Brendan Kehoe, Sun Network Manager brendan@cs.widener.edu Widener University Chester, PA``Ya know Quaker Oats make you feel good twice?'' Hmm.
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:06:34 CDT