Installation guide

160 Chapter 17. Console Access
shutdown of the system will continue; if not, an error message will be written to the system
console instead.
For more information on shutdown.allow see the shutdown man page.
17.2. Disabling Console Program Access
In order to disable access by users to console programs, you should run this command as
root:
rm -f /etc/security/console.apps/*
In environments where the console is otherwise secured (BIOS and boot loader passwords
are set, [Ctrl]-[Alt]-[Delete] is disabled, the power and reset switches are disabled, and so
forth), you may not want to allow any user at the console to run poweroff, halt, and reboot,
which are accessible from the console by default.
To remove these abilities, run the following commands as root:
rm -f /etc/security/console.apps/poweroff
rm -f /etc/security/console.apps/halt
rm -f /etc/security/console.apps/reboot
17.3. Disabling All Console Access
The PAM pam_console.so module manages console file permissions and authentication.
(See the Official Red Hat Linux Reference Guide for more information on configuring PAM.) If
you want to disable all console access, including program and file access, comment out all
lines that refer to pam_console.so in the /etc/pam.d directory. As root, the following script
will do the trick:
cd /etc/pam.d
for i in * ; do
    # prefix '#' to every uncommented line that loads pam_console.so,
    # writing the result to a temporary file and then replacing the original
    sed '/[^#].*pam_console.so/s/^/#/' < "$i" > foo && mv foo "$i"
done
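The script above edits /etc/pam.d in place, so it is worth rehearsing on a copy and verifying the result. The following is an added example, not code from the Red Hat guide: the function names (disable_pam_console, active_pam_console_lines, make_sample_pamd) and the sample PAM files are constructed for the example. It uses a stricter address than the guide's sed expression (a line counts as active only when no # appears anywhere before pam_console.so), so lines that are already commented out do not get a second #, and it replaces each file atomically via a temporary file created in the same directory.

```shell
#!/bin/sh
# Added example, not from the Red Hat guide: comment out every active
# pam_console.so line under a PAM configuration directory, then verify
# that none remain. Point it at a copy of /etc/pam.d first to rehearse.

# Comment out each uncommented line that loads pam_console.so in every
# regular file of directory $1. A temporary file in the same directory
# plus mv gives an atomic replace; cp -p carries over the file mode.
disable_pam_console() {
    dir=$1
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # skip files with nothing to change (leaves their mtime untouched)
        grep -q '^[^#]*pam_console\.so' "$f" || continue
        tmp=$(mktemp "$dir/.pamedit.XXXXXX") || return 1
        cp -p "$f" "$tmp" &&
            sed '/^[^#]*pam_console\.so/s/^/#/' "$f" > "$tmp" &&
            mv "$tmp" "$f" || { rm -f "$tmp"; return 1; }
    done
}

# Print how many lines under directory $1 still load pam_console.so
# without a leading comment character (0 after a successful run).
active_pam_console_lines() {
    cat "$1"/* 2>/dev/null | grep -c '^[^#]*pam_console\.so' || true
}

# Build a small constructed sample (not a real /etc/pam.d) in directory $1:
# one active pam_console.so line, one already-commented one, one file without.
make_sample_pamd() {
    mkdir -p "$1"
    printf '%s\n' '#%PAM-1.0' \
        'auth       required     pam_securetty.so' \
        'auth       required     pam_stack.so service=system-auth' \
        'session    optional     pam_console.so' > "$1/login"
    printf '%s\n' '#%PAM-1.0' \
        'auth       required     pam_stack.so service=system-auth' \
        '#session    optional     pam_console.so' > "$1/xdm"
    printf '%s\n' 'auth       required     pam_stack.so service=system-auth' > "$1/sudo"
}

# Usage: sh disable_pam_console.sh /path/to/copy-of-pam.d
if [ "$#" -gt 0 ]; then
    disable_pam_console "$1"
    echo "active pam_console.so lines left in $1: $(active_pam_console_lines "$1")"
fi
```

Run it against a copy of /etc/pam.d first; when the reported count is 0 and a diff against the original shows only added # characters, apply it to the live directory as root.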
17.4. Defining the Console
The pam_console.so module uses the /etc/security/console.perms file to determine
the permissions for users at the system console. The syntax of the file is very flexible; you
can edit the file so that these instructions no longer apply. However, the default file has a
line that looks like this:
<console>=tty[0-9][0-9]* :[0-9]\.[0-9] :[0-9]
When users log in, they are attached to some sort of named terminal, either an X server with
a name like :0 or mymachine.example.com:1.0 or a device like /dev/ttyS0 or /dev/pts/2.
The default line defines local virtual consoles and local X servers as the console; if you
also want the serial terminal next to you on port /dev/ttyS1 to be treated as local, change
that line to read:
<console>=tty[0-9][0-9]* :[0-9]\.[0-9] :[0-9] /dev/ttyS1
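Because the class definition decides which logins get console privileges, it helps to check which terminal names a given console.perms line actually covers before changing it. The following is an added example, not code from the Red Hat guide: the function names (console_class_entries, is_console_terminal, make_sample_perms) and the sample file are constructed here, and it assumes each entry is a POSIX extended regular expression that must match the whole terminal name (check console.perms(5) for the exact matching rules of your pam_console version).

```shell
#!/bin/sh
# Added example, not from the Red Hat guide: read the <console> class out of a
# console.perms-style file and report whether a terminal name counts as the
# system console. Assumption made here: each entry is a POSIX extended regular
# expression that must match the whole terminal name.

# Print the entries of class $2 (e.g. console) defined in file $1, as one
# space-separated line. If the class is defined more than once, the last wins.
console_class_entries() {
    sed -n "s/^[[:space:]]*<$2>[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# Return 0 if terminal name $2 matches any <console> entry of file $1, else 1.
is_console_terminal() {
    entries=$(console_class_entries "$1" console)
    # entries contain * and [..]; turn off pathname expansion so the loop sees
    # the patterns themselves and not file names from the current directory
    set -f
    for pat in $entries; do
        if printf '%s\n' "$2" | grep -Eq "^($pat)\$"; then
            set +f
            return 0
        fi
    done
    set +f
    return 1
}

# Write a constructed sample (not the real /etc/security/console.perms) to $1.
make_sample_perms() {
    cat > "$1" <<'EOF'
# constructed sample: the default line with /dev/ttyS1 added as a local terminal
<console>=tty[0-9][0-9]* :[0-9]\.[0-9] :[0-9] /dev/ttyS1
EOF
}

# Usage: sh console_check.sh /etc/security/console.perms tty1 /dev/pts/2 ...
if [ "$#" -gt 1 ]; then
    file=$1; shift
    for name; do
        if is_console_terminal "$file" "$name"; then
            echo "$name: console"
        else
            echo "$name: not console"
        fi
    done
fi
```

With the sample line, tty1, :0, :0.0 and /dev/ttyS1 are reported as console, while /dev/ttyS0, /dev/pts/2 and mymachine.example.com:1.0 are not. Note that the verdict depends on how the entries are interpreted: read as a regular expression, tty[0-9][0-9]* matches tty1, whereas read as a shell-style glob it would require at least two digits, so confirm the semantics your pam_console uses before relying on a pattern.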