Hi, I have a question pertaining to /etc/login.access. I seem to be a little confused about exactly how this file is read by login.
The format is straightforward and makes sense but I am trying to restrict tty1 to root logins and I can't seem to get it just right. Here's what I have so far. Most of it is what came stock with the distro.

    # Restrict tty to root (this is what I'm trying to accomplish):
    -:ALL EXCEPT ROOT:tty1
    # Disallow remote logins for certain users:
    # Disallow console logins to all but a few accounts.
    #
    -:ALL EXCEPT root <user1> <user2> <user3>:console
    #
    # Disallow non-local logins to privileged accounts (group wheel).
    #
    -:root:ALL EXCEPT LOCAL
    #
    # Some accounts are not allowed to login from anywhere:
    #
    #-:wsbscaro wsbsecr wsbspac wsbsym wscosor wstaiwde:ALL
    #
    # All other accounts are allowed to login from anywhere.
    #

However, I can still log in as other users on tty1; the restriction appears to not do anything. BUT, if I restrict a user directly, like so:

    -:<user>:tty1

that user IS prevented from logging in on tty1. Why does the first method fail? I should be able to do that, shouldn't I?

One other quickie: what's the functional difference between /etc/login.access and /etc/security/access.conf? When I place restrictions in the latter, nothing seems to happen, though the files are in exactly the same format. What then is the purpose of the one in /etc/security?

Thanks!!