From 520c3a8b9d28e7d327aa2cc938fff1b6da08ee95 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Aulery?= Date: Sat, 7 Mar 2015 17:06:58 +0100 Subject: [PATCH] securetty.5: Note that the pam_securetty module also uses this file MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=528015 This patch is a modified version of the one proposed without parts specific to Debian. Reported-by: Nicolas FRANCOIS Signed-off-by: Stéphane Aulery Signed-off-by: Michael Kerrisk --- man5/securetty.5 | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/man5/securetty.5 b/man5/securetty.5 index 99f6c5701..88f9fb639 100644 --- a/man5/securetty.5 +++ b/man5/securetty.5 @@ -29,17 +29,26 @@ securetty \- file which lists terminals from which root can log in .SH DESCRIPTION The file .I /etc/securetty -is used by (some versions of) -.BR login (1). -The file contains the device names of terminal lines +contains the names of terminals (one per line, without leading .IR /dev/ ) +which are considered secure for the transmission of certain authentication +tokens. +.P +It is used by (some versions of) +.BR login (1) +to restrict the terminals on which root is allowed to login. See .BR login.defs (5) if you use the shadow suite. +.P +On PAM enabled systems, it is used for the same purpose by +.BR pam_securetty (8) +to restrict the terminals on which empty passwords are accepted. .SH FILES .I /etc/securetty .SH SEE ALSO .BR login (1), -.BR login.defs (5) +.BR login.defs (5), +.BR pam_securetty (8)