SUMMARY: requiring su-ing to root regardless of being at console or not

From: Barbara A Basberg (basbe1ba@mail.cmich.edu)
Date: Fri Sep 25 1998 - 13:20:11 CDT


Many thanks to all who replied so quickly, I'm very grateful! :
Niall O Broin
Marco Greene
Kris Briscoe
"sasha e."
Craig Mertens
Robert G. Ferrell
Benjamin Cline
Frank Fiamingo
James Wendling
Jim Robertori
Matthew Stier
James T. Ranks
Stephanie Lam
Peter L. Wargo

(I hope I didn't miss anyone!)

My original question: How to require su-ing to root regardless of whether
someone is at the console or not. In other words, I knew how to disable
direct root login from anywhere but the console but wanted to disable it
there, too. We have half a dozen people who use root access. I am new to
this position so I want to be able to give them the ability to do what they
are accustomed to doing but have an audit trail to see who does what.

I was told to change the line in /etc/default/login from:

CONSOLE=/dev/console

to:

CONSOLE=/dev/null
or
CONSOLE=/dev/nowhere

with the caveat that I could run into trouble if I need root access in an
emergency, e.g. when no users can log in. I was also advised to use sudo
and/or xsh to allow the non system administrators to have certain root
privileges without having to use the /dev/null option.

Regards,
Barbara

Barbara Ann Basberg
Unix System Administrator
Technology Operations (formerly Computer Services)
Central Michigan University
009 Foust Hall
(517)774-3180
http://www.csv.cmich.edu/barbara.html



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:12:49 CDT