SUMMARY: CONSOLE setting in /etc/default/login file

From: J M <therealsunmanager_at_ntlworld.com>
Date: Tue Feb 17 2004 - 19:31:42 EST
Thanks for all the responses.

Most people agree the CONSOLE setting should be CONSOLE=/dev/console

This prevents allowing users to login directly as root. 

Direct root access to the console is recommended for emergency situations (disk space, swap, expired user accounts etc etc where normal users may be unable to login)

Alot of people expressed the importance of keeping machines and console access strictly secure.

thanks.


> 
> From: J M <therealsunmanager@ntlworld.com>
> Date: 2004/02/17 Tue AM 08:18:29 GMT
> To: sunmanagers@sunmanagers.org
> Subject: CONSOLE setting in /etc/default/login file
> 
> Hello.
> 
> I work on a site where all Solaris 8 machines have this setting in /etc/default/login
> 
> CONSOLE=/dev/null
> 
> This in effect means that root cannot login to the machine from anywhere. The only way to gain root access is to login as a normal user, them su to root.
> 
> I have number of questions / concerns regaring this.
> 
> 1) Does anybody else on this list use this setting?
> 2) Is this setting actually dangerous, for example if the root pw expires, su does not work; or normal users cannot login due to disk / memory resources unavailable etc etc.
> 3)  Not being able to su to root, would we have to crash the machine to recover this.
> 4) Is CONSOLE=/dev/console a better setting? this would allow root access on the console only, which could be used in case of emergency. ( most people would argue, if an intruder gets access to the console security is already in breach )
> 
> your help with this would be much appreciated
> 
> thanks
> 
> J
> 
> 
> -----------------------------------------
> Email provided by http://www.ntlhome.com/
> _______________________________________________
> sunmanagers mailing list
> sunmanagers@sunmanagers.org
> http://www.sunmanagers.org/mailman/listinfo/sunmanagers
> 

-----------------------------------------
Email provided by http://www.ntlhome.com/
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Tue Feb 17 19:31:31 2004

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:28 EST