SUMMARY: Restricting root login to /dev/console

From: Mark Sims (
Date: Wed Jul 26 1995 - 08:13:51 CDT

Dudes and Dudettes,

Got a quick answer. Thanks to all that responded. I'm too embarrased to
name all of you ;^) .

My original question:

>Sun Managers,
>Under SunOS 4.x, I could restrict root login at the main console
>by editing /etc/ttytab's line:
>console "/usr/etc/getty cons8" sun on local secure
>console "/usr/etc/getty cons8" sun on local
>This would force someone logging in from the console to login as an
>actual user (other than root) and then they could "su root". The
>advantage to this is that you have a log of who logged in as root,
>either from the network or from the console.
>Under Solaris 2.x, I can't find a way to do this. If I edit the
>/etc/default/login file and include the line:
>this does not disable root login from the console.

The bottom line:

> This file's CONSOLE entry can actually be used in a variety of ways:
> 1) CONSOLE=/dev/console (default) - direct root logins only on console
> 2) CONSOLE=/dev/ttya - direct root logins only on /dev/ttya
> 3) CONSOLE= - direct root logins disallowed everywhere
> 4) #CONSOLE (or delete the line) - root logins allowed everywhere

Mark Sims
Mark Sims Email:
President URL:
Netrex, Inc. Voice: (810) 352-9643
3000 Town Center, Suite 1120 FAX: (810) 352-2375
Southfield, MI 48075

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:10:30 CDT