<HTML
><HEAD
><TITLE
>Allow root to
log in from serial console</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="Remote Serial Console HOWTO"
HREF="index.html"><LINK
REL="UP"
TITLE="Configure incidentals"
HREF="misc.html"><LINK
REL="PREVIOUS"
TITLE="Configure incidentals"
HREF="misc.html"><LINK
REL="NEXT"
TITLE="Change init level to textual"
HREF="misc-init.html"></HEAD
><BODY
CLASS="SECTION"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Remote Serial Console HOWTO</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="misc.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 7. Configure incidentals</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="misc-init.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECTION"
><H1
CLASS="SECTION"
><A
NAME="MISC-SECURETTY"
></A
>7.1. Allow <SPAN
CLASS="SYSTEMITEM"
>root</SPAN
> to
log in from serial console</H1
><P
>The file <TT
CLASS="FILENAME"
>/etc/securetty</TT
> lists the
terminal devices on which the <SPAN
CLASS="SYSTEMITEM"
>root</SPAN
>
user is allowed to log in.</P
><P
>It is usually desirable to have <SPAN
CLASS="SYSTEMITEM"
>root</SPAN
> be able to log in from the
console, so add the basename of the serial console device to
<TT
CLASS="FILENAME"
>/etc/securetty</TT
>.</P
><DIV
CLASS="FIGURE"
><A
NAME="MISC-SECRETTY-TTYS0"
></A
><P
><B
>Figure 7-1. Alter <TT
CLASS="FILENAME"
>securetty</TT
> to allow <SPAN
CLASS="SYSTEMITEM"
>root</SPAN
> to log in from the serial
console</B
></P
><TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="PROGRAMLISTING"
>ttyS0</PRE
></FONT
></TD
></TR
></TABLE
></DIV
><P
>Almost anyone can now dial into the modem and attempt to
guess the <SPAN
CLASS="SYSTEMITEM"
>root</SPAN
> password.
Normally we do not allow <SPAN
CLASS="SYSTEMITEM"
>root</SPAN
> to log in from a remote site;
instead we have a normal user log in and then use
<B
CLASS="COMMAND"
>su</B
> or <A
HREF="http://www.courtesan.com/sudo/"
TARGET="_top"
><B
CLASS="COMMAND"
>sudo</B
></A
>
to become <SPAN
CLASS="SYSTEMITEM"
>root</SPAN
>. This
gives some traceability.</P
><P
>Unfortunately, the <SPAN
CLASS="SYSTEMITEM"
>root</SPAN
> user needs to be able to log in
from the console to fix a full disk. Disk subsystems typically
reserve 5% of their space for root's exclusive use.<A
NAME="AEN1808"
HREF="#FTN.AEN1808"
><SPAN
CLASS="footnote"
>[1]</SPAN
></A
>
This is enough space for the <SPAN
CLASS="SYSTEMITEM"
>root</SPAN
> user to log in and start
deleting the files that filled the disk.</P
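><P
>The following shell functions are an added example, not part of the
original HOWTO. They make the edit shown in Figure 7-1 idempotently,
keeping a backup copy, and list the serial lines that currently accept
root logins so the exposure described above can be reviewed. The
function names and the backup suffix are assumptions made for this
example.</P
><PRE
CLASS="PROGRAMLISTING"
>
```sh
# Added example; function names and the .bak suffix are assumptions.

# securetty_allow DEVICE [FILE]
# Add DEVICE (for example /dev/ttyS0 or ttyS0) to FILE exactly once.
# Returns 0 on success or if already listed, 2 for a rejected name,
# 3 if FILE does not exist, 1 if the backup copy fails.
securetty_allow() {
    dev=${1#/dev/}                    # /dev/ttyS0 becomes ttyS0
    file=${2:-/etc/securetty}
    case $dev in
        ''|*[!A-Za-z0-9_.-]*) return 2 ;;   # empty, or not a plain device name
    esac
    [ -f "$file" ] || return 3        # never create the file from here
    if grep -qxF -- "$dev" "$file"; then
        return 0                      # already listed, nothing to change
    fi
    cp -p -- "$file" "$file.bak" || return 1
    # If the last line lacks a newline, add one so the new entry is
    # not glued onto the previous device name.
    if [ -s "$file" ]; then
        if [ -n "$(tail -c 1 "$file")" ]; then
            echo >> "$file"
        fi
    fi
    printf '%s\n' "$dev" >> "$file"
}

# securetty_serial_lines [FILE]
# Print the ttyS* entries in FILE, one per line: the serial lines on
# which root may log in directly. Exit status 1 means there are none.
securetty_serial_lines() {
    file=${1:-/etc/securetty}
    grep -E '^ttyS[0-9]+$' -- "$file"
}
```
</PRE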
><DIV
CLASS="NOTE"
><P
></P
><TABLE
CLASS="NOTE"
WIDTH="100%"
BORDER="0"
><TR
><TD
WIDTH="25"
ALIGN="CENTER"
VALIGN="TOP"
><IMG
SRC="../images/note.gif"
HSPACE="5"
ALT="Note"></TD
><TH
ALIGN="LEFT"
VALIGN="CENTER"
><B
><TT
CLASS="FILENAME"
>securetty</TT
> and Red Hat's
<SPAN
CLASS="APPLICATION"
>kudzu</SPAN
></B
></TH
></TR
><TR
><TD
>&nbsp;</TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
><P
><SPAN
CLASS="APPLICATION"
>kudzu</SPAN
> automatically adds the
device being used as the console to
<TT
CLASS="FILENAME"
>securetty</TT
>.</P
></TD
></TR
></TABLE
></DIV
></DIV
><H3
CLASS="FOOTNOTES"
>Notes</H3
><TABLE
BORDER="0"
CLASS="FOOTNOTES"
WIDTH="100%"
><TR
><TD
ALIGN="LEFT"
VALIGN="TOP"
WIDTH="5%"
><A
NAME="FTN.AEN1808"
HREF="misc-securetty.html#AEN1808"
><SPAN
CLASS="footnote"
>[1]</SPAN
></A
></TD
><TD
ALIGN="LEFT"
VALIGN="TOP"
WIDTH="95%"
><P
>This is not as inefficient as it may appear. The last 5%
of a disk formatted with a general purpose filesystem always
performs poorly and is best left empty.</P
></TD
></TR
></TABLE
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="misc.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="misc-init.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Configure incidentals</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="misc.html"
ACCESSKEY="U"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Change <SPAN
CLASS="APPLICATION"
>init</SPAN
> level to textual</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>