SUMMARY: How to limit a user to login only from console?

From: Francisco Javier Arias Correa (NIC) (
Date: Wed Jul 22 1998 - 14:09:06 CDT

Thanks to:

        Wim Olivier <>
        "Todd A. Fiedler" <>
        "Marco Greene" <>
        Dave McFerren <>
        Dennis Martens <>

Original question:

        I need to be able to limit one user (the user is not root) to
login only from console, not from telnet, using rexec or some other
like that. Is there any way of doing this?


#.profile of the user
if [ `tty` != '/dev/console' ]
        echo "Access denied"
        exit 1


1) From: Wim Olivier <>

        Put a script testing for /dev/console in his .profile. If yes,
        then do nothing, if ptty then exit. (this is about 2 lines

2) From: "Todd A. Fiedler" <>

        The only way I can think of doing this is to write a script that
        acts as a wrapper to a shell. You could then have the script
        check to see what device the user is logging in one, and if it is
        not /dev/console, you could have it issue a warning message and
        disconnect. Even better, you could write a small C program to do
        this, it would be faster and probably more secure.

        You would then need to place the script (or program) into the
        passwd file as the user's shell (item 7 in the list).

        Solaris seems to only support root console restriction.

3) From: "Marco Greene" <>
        You can always disable telnet ftp /etc/rpc and
4) From: Dave McFerren <>

        Try putting tcp wrappers on the daemons and make sure that his
        login name is not allowed.
5) From: Dennis Martens <>
        In the file /etc/default/login, put the entry:

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:12:44 CDT