Root login at console

[Doug Hardie]

On Nov 12, 2004, at 23:18, Ted Mittelstaedt wrote:

>
>
>> -----Original Message-----
>> From: owner-freebsd-questions at freebsd.org
>> [mailto:owner-freebsd-questions at freebsd.org]On Behalf Of Doug Hardie
>> Sent: Friday, November 12, 2004 10:52 PM
>> To: f-questions List
>> Subject: Root login at console
>>
>>
>> I am setting up some 5.3 systems and have encountered a situation I
>> can't figure out.  I have had the following (and only) active line in
>> 4.6 systems /etc/login.allow:
>>
>> -:ALL EXCEPT user1 user2 user3: ALL
>>
>> That only permitted logins from those 3 users and not root.  The users
>> had to su to get to root - even on the console.  However that same 
>> line
>> in 5.3 doesn't let anyone su to root (terminal or console).  I have to
>> add root to the list:
>>
>> -:ALL EXCEPT root user1 user2 user3: ALL
>>
>> Then the users can su to root.  However root can login on the console
>> directly which I don't want.  I have tried a few diferent approaches 
>> to
>> make this work but none have succeeded.  What am I missing?  Thanks.
>>
>
> I don't think that the /etc/login.allow should have blocked root login 
> at
> the console.  If it did in 4.x that is a bug and 5.3 corrected it.
>
> If you want to block root login at the console then edit /etc/ttys and
> change the keyword from "secure" to "insecure" for the console.
>
> Ted

Thanks.  I just checked ttys in my 4.6 system and they all say secure.  
I see the instructions in ttys now and that makes sense.  A quick check 
also shows it works.  I guess there was a bug in 4.6.  The instructions 
seem to indicate that removing the secure keyword is all that is 
required.  Thats what I checked and it worked.  I presume thats the 
same as using the insecure key which I really didn't see mentioned.