From owner-freebsd-questions  Tue May  7 06:47:45 1996
Return-Path: owner-questions
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id GAA07597
          for questions-outgoing; Tue, 7 May 1996 06:47:45 -0700 (PDT)
Received: (from jmb@localhost)
          by freefall.freebsd.org (8.7.3/8.7.3) id GAA07591
          Tue, 7 May 1996 06:47:44 -0700 (PDT)
From: "Jonathan M. Bresler" <jmb>
Message-Id: <199605071347.GAA07591@freefall.freebsd.org>
Subject: Re: Root on console
To: compland@ism.com.br (Helio Coelho Jr. - CompuLand Informatica)
Date: Tue, 7 May 1996 06:47:44 -0700 (PDT)
Cc: questions@FreeBSD.ORG
In-Reply-To: <199605071318.KAA01643@unix1.ism.com.br> from "Helio Coelho Jr. - CompuLand Informatica" at May 7, 96 10:18:40 am
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Sender: owner-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Helio Coelho Jr. - CompuLand Informatica wrote:
> 
> Hi:
> 
>    There is a way to force that root sessions can only be started on the
> console (the local machine) ?
	
	the "secure" keyword in /etc/ttys allows root logins on that
	terminal.  change it to "insecure" to disallow root logins, then
	"kill -HUP 1" to put the change into effect.

	ttyv0   "/usr/libexec/getty Pc"         cons25  on  secure
	ttyv1   "/usr/libexec/getty Pc"         cons25  on  insecure

	allows root logins on ttyv0.  disallows root logins on ttyv1

	any user can try to "su" if they are in the "wheel" group,
	regardless of which terminal they are using.

jmb
--
Jonathan M. Bresler           FreeBSD Postmaster             jmb@FreeBSD.ORG
FreeBSD--4.4BSD Unix for PC clones, source included. http://www.freebsd.org/