332 lines
4.6 KiB
HTML
332 lines
4.6 KiB
HTML
<HTML
|
|
><HEAD
|
|
><TITLE
|
|
>Allow root to
|
|
login from serial console</TITLE
|
|
><META
|
|
NAME="GENERATOR"
|
|
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
|
|
REL="HOME"
|
|
TITLE="Remote Serial Console HOWTO"
|
|
HREF="index.html"><LINK
|
|
REL="UP"
|
|
TITLE="Configure incidentals"
|
|
HREF="misc.html"><LINK
|
|
REL="PREVIOUS"
|
|
TITLE="Configure incidentals"
|
|
HREF="misc.html"><LINK
|
|
REL="NEXT"
|
|
TITLE="Change init level to textual"
|
|
HREF="misc-init.html"></HEAD
|
|
><BODY
|
|
CLASS="SECTION"
|
|
BGCOLOR="#FFFFFF"
|
|
TEXT="#000000"
|
|
LINK="#0000FF"
|
|
VLINK="#840084"
|
|
ALINK="#0000FF"
|
|
><DIV
|
|
CLASS="NAVHEADER"
|
|
><TABLE
|
|
SUMMARY="Header navigation table"
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TH
|
|
COLSPAN="3"
|
|
ALIGN="center"
|
|
>Remote Serial Console HOWTO</TH
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="left"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="misc.html"
|
|
ACCESSKEY="P"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="80%"
|
|
ALIGN="center"
|
|
VALIGN="bottom"
|
|
>Chapter 7. Configure incidentals</TD
|
|
><TD
|
|
WIDTH="10%"
|
|
ALIGN="right"
|
|
VALIGN="bottom"
|
|
><A
|
|
HREF="misc-init.html"
|
|
ACCESSKEY="N"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"></DIV
|
|
><DIV
|
|
CLASS="SECTION"
|
|
><H1
|
|
CLASS="SECTION"
|
|
><A
|
|
NAME="MISC-SECURETTY"
|
|
></A
|
|
>7.1. Allow <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>root</SPAN
|
|
> to
|
|
login from serial console</H1
|
|
><P
|
|
>The file <TT
|
|
CLASS="FILENAME"
|
|
>/etc/securetty</TT
|
|
> controls the
|
|
devices that the <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>root</SPAN
|
|
>
|
|
user can log in upon.</P
|
|
><P
|
|
>It is usually desirable to have <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>root</SPAN
|
|
> be able to log in from the
|
|
console, so add the basename of the serial console device to
|
|
<TT
|
|
CLASS="FILENAME"
|
|
>/etc/securetty</TT
|
|
>.</P
|
|
><DIV
|
|
CLASS="FIGURE"
|
|
><A
|
|
NAME="MISC-SECRETTY-TTYS0"
|
|
></A
|
|
><P
|
|
><B
|
|
>Figure 7-1. Alter <TT
|
|
CLASS="FILENAME"
|
|
>securetty</TT
|
|
> to allow <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>root</SPAN
|
|
> to log in from the serial
|
|
console</B
|
|
></P
|
|
><TABLE
|
|
BORDER="0"
|
|
BGCOLOR="#E0E0E0"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
><FONT
|
|
COLOR="#000000"
|
|
><PRE
|
|
CLASS="PROGRAMLISTING"
|
|
>ttyS0</PRE
|
|
></FONT
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
><P
|
|
>Almost anyone can now dial into the modem and attempt to
|
|
guess the <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>root</SPAN
|
|
> password.
|
|
Normally we do not allow <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>root</SPAN
|
|
> to log in from a remote site,
|
|
rather we have a normal user log in and then use
|
|
<B
|
|
CLASS="COMMAND"
|
|
>su</B
|
|
> or <A
|
|
HREF="http://www.courtesan.com/sudo/"
|
|
TARGET="_top"
|
|
><B
|
|
CLASS="COMMAND"
|
|
>sudo</B
|
|
></A
|
|
>
|
|
to become <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>root</SPAN
|
|
>. This
|
|
gives some traceability.</P
|
|
><P
|
|
>Unfortunately, the <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>root</SPAN
|
|
> user needs to be able to log in
|
|
from the console to fix a full disk. Disk subsystems typically
|
|
reserve 5% of their space for root's exclusive use.<A
|
|
NAME="AEN1808"
|
|
HREF="#FTN.AEN1808"
|
|
><SPAN
|
|
CLASS="footnote"
|
|
>[1]</SPAN
|
|
></A
|
|
>
|
|
|
|
This is enough space for the <SPAN
|
|
CLASS="SYSTEMITEM"
|
|
>root</SPAN
|
|
> user to log in and start
|
|
deleting the files that filled the disk.</P
|
|
><DIV
|
|
CLASS="NOTE"
|
|
><P
|
|
></P
|
|
><TABLE
|
|
CLASS="NOTE"
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
><TR
|
|
><TD
|
|
WIDTH="25"
|
|
ALIGN="CENTER"
|
|
VALIGN="TOP"
|
|
><IMG
|
|
SRC="../images/note.gif"
|
|
HSPACE="5"
|
|
ALT="Note"></TD
|
|
><TH
|
|
ALIGN="LEFT"
|
|
VALIGN="CENTER"
|
|
><B
|
|
><TT
|
|
CLASS="FILENAME"
|
|
>securetty</TT
|
|
> and Red Hat's
|
|
<SPAN
|
|
CLASS="APPLICATION"
|
|
>kudzu</SPAN
|
|
></B
|
|
></TH
|
|
></TR
|
|
><TR
|
|
><TD
|
|
> </TD
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
><P
|
|
><SPAN
|
|
CLASS="APPLICATION"
|
|
>kudzu</SPAN
|
|
> automatically adds the
|
|
device being used as the console to
|
|
<TT
|
|
CLASS="FILENAME"
|
|
>securetty</TT
|
|
>.</P
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
></DIV
|
|
><H3
|
|
CLASS="FOOTNOTES"
|
|
>Notes</H3
|
|
><TABLE
|
|
BORDER="0"
|
|
CLASS="FOOTNOTES"
|
|
WIDTH="100%"
|
|
><TR
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
WIDTH="5%"
|
|
><A
|
|
NAME="FTN.AEN1808"
|
|
HREF="misc-securetty.html#AEN1808"
|
|
><SPAN
|
|
CLASS="footnote"
|
|
>[1]</SPAN
|
|
></A
|
|
></TD
|
|
><TD
|
|
ALIGN="LEFT"
|
|
VALIGN="TOP"
|
|
WIDTH="95%"
|
|
><P
|
|
>This is not as inefficient as it may appear. The last 5%
|
|
of a disk formatted with a general purpose filesystem always
|
|
performs poorly and is best left empty.</P
|
|
></TD
|
|
></TR
|
|
></TABLE
|
|
><DIV
|
|
CLASS="NAVFOOTER"
|
|
><HR
|
|
ALIGN="LEFT"
|
|
WIDTH="100%"><TABLE
|
|
SUMMARY="Footer navigation table"
|
|
WIDTH="100%"
|
|
BORDER="0"
|
|
CELLPADDING="0"
|
|
CELLSPACING="0"
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="misc.html"
|
|
ACCESSKEY="P"
|
|
>Prev</A
|
|
></TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="index.html"
|
|
ACCESSKEY="H"
|
|
>Home</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="misc-init.html"
|
|
ACCESSKEY="N"
|
|
>Next</A
|
|
></TD
|
|
></TR
|
|
><TR
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="left"
|
|
VALIGN="top"
|
|
>Configure incidentals</TD
|
|
><TD
|
|
WIDTH="34%"
|
|
ALIGN="center"
|
|
VALIGN="top"
|
|
><A
|
|
HREF="misc.html"
|
|
ACCESSKEY="U"
|
|
>Up</A
|
|
></TD
|
|
><TD
|
|
WIDTH="33%"
|
|
ALIGN="right"
|
|
VALIGN="top"
|
|
>Change <SPAN
|
|
CLASS="APPLICATION"
|
|
>init</SPAN
|
|
> level to textual</TD
|
|
></TR
|
|
></TABLE
|
|
></DIV
|
|
></BODY
|
|
></HTML
|
|
> |