Jump to content

Two security questions


camorri
 Share

Recommended Posts

First of all, why would I need a user called guest? Is it necessary, and does it give me a security hole?

 

A little background. I'm running a samba server on this system, and I think the guest user is there to allow printing, without a log in by the end users. ( my family ).

 

I found a sym link in /home pointing to my home directory. Just a guess, does this give anyone connecting as 'guest' access to my home directory?

 

Second question, is about the root passwd. If I open a konsole, and su, the password I use works, I get root privileges, as expected. If I use ctrl + alt + f1 to get a command prompt, type 'root' and use the password that works from a konsole and su, the password fails.

 

I don't understand why it works with su and not through a tty.

 

How can I fix this, I would like one password that works for both.

 

I must admit, security is not my long suite...

Link to comment
Share on other sites

Can't help you about the guest user, but I would indeed remove it if unused (and give your family proper logins -- I believe that guest's files are cleaned out after logoff).

 

It is possible to restrict from which ttys you can logon as root using PAM, see file /etc/pam.d/login. The file /etc/securetty lists the consoles from which you can logon as root. You can always logon as root from an xterm started in your own Xwindows environment. PAM has many many options -- do some googling. Here is a starter: link.

Link to comment
Share on other sites

Thank-you for the response. I read the link information. I must admit I have some more reading to do.

 

I looked at /var/log/auth.log and found this - "pam_securetty(login:auth): access denied: tty 'tty2' is not secure !".

 

I see this is why I can not log through tty1 or tty2.

 

I will some more reading...

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
 Share

×
×
  • Create New...