Re: [CentOS] RHEL5 and CentOS 5 root logins

2007-08-08 Thread Jim Perrin
On 8/8/07, Scott Ehrlich <[EMAIL PROTECTED]> wrote:
> I found, under a 64-bit CentOS 5 workstation install, it is possible to
> modify /etc/inittab and add a couple of lines to prevent root from logging
> into the console.
>
> I found, under a 64-bit RHEL 5 server install, adding the same two lines
> completely breaks the OS, to the point that a reboot after the lines are
> added, the OS brings you to a fsck-like prompt, and other things break,
> too.  I didn't have time to look at the logs for specifics, if any were
> recorded.

That's rather odd. The two files are (or should be) identical.


> Does anyone know if a CentOS 5 server install option permits locking out
> root from console login?   Does anyone know of a way, in RHEL 5 Server
> edition, to prevent root from a console login?

You can edit /etc/securetty, which controls what root is allowed to
log in from. In reality, I'd leave the console there, but block ssh
and most of the other ones. You'll want root access at the console if
something catastrophic happens and you need to recover. If they've got
local access to the machine, it's basically theirs anyway.

While you're using CentOS 5, most of these ->
http://centos.org/docs/4/html/rhel-sg-en-4/s1-wstation-privileges.html
should work just the same for you.


-- 
During times of universal deceit, telling the truth becomes a revolutionary act.
George Orwell
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
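
An added example, not part of the original thread: a small audit of a securetty-style file along the lines of the advice above (keep the local console for recovery, review everything else). The function names, the exit-status scheme and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a securetty-style file (one device name per line,
# relative to /dev). Assumption: blank lines and lines starting with '#'
# are skipped; all other lines are compared as exact device names.

# is_local_console NAME: succeeds for the system console and virtual consoles.
is_local_console() {
    case "$1" in
        console|tty[0-9]*|vc/[0-9]*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_securetty FILE: prints "keep <tty>" or "review <tty>" per entry.
# Exit status: 0 only local consoles listed, 1 other devices listed,
# 2 file missing (pam_securetty then places no tty restriction on root),
# 3 no entries (root cannot log in on any tty, console included).
audit_securetty() {
    [ -f "$1" ] || return 2
    entries=0
    result=0
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ''|'#'*) continue ;; esac
        entries=$((entries + 1))
        if is_local_console "$line"; then
            printf 'keep %s\n' "$line"
        else
            printf 'review %s\n' "$line"
            result=1
        fi
    done < "$1"
    [ "$entries" -gt 0 ] || return 3
    return "$result"
}

# Constructed sample input, not taken from the thread.
sample=$(mktemp)
printf '%s\n' '# constructed sample' console tty1 vc/1 ttyS0 pts/0 > "$sample"
audit_securetty "$sample" || echo "exit status $?"
rm -f "$sample"
```

sshd reads /etc/securetty only if pam_securetty is in its PAM stack; root logins over ssh are otherwise governed by PermitRootLogin in sshd_config.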


Re: [CentOS] RHEL5 and CentOS 5 root logins

2007-08-08 Thread Daniel de Kok
On Wed, 2007-08-08 at 06:58 -0400, Scott Ehrlich wrote:
> I found, under a 64-bit CentOS 5 workstation install, it is possible to 
> modify /etc/inittab and add a couple of lines to prevent root from logging 
> into the console.

/etc/securetty is the right place to configure this, see the
securetty(5) manual page and
http://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-sec-network.html#s1-wstation-privileges

-- Daniel



[CentOS] RHEL5 and CentOS 5 root logins

2007-08-08 Thread Scott Ehrlich
I found, under a 64-bit CentOS 5 workstation install, it is possible to 
modify /etc/inittab and add a couple of lines to prevent root from logging 
into the console.


I found, under a 64-bit RHEL 5 server install, adding the same two lines 
completely breaks the OS, to the point that a reboot after the lines are 
added, the OS brings you to a fsck-like prompt, and other things break, 
too.  I didn't have time to look at the logs for specifics, if any were 
recorded.


Does anyone know if a CentOS 5 server install option permits locking out 
root from console login?   Does anyone know of a way, in RHEL 5 Server 
edition, to prevent root from a console login?


Thanks.

Scott