Two security questions

[camorri]

First of all, why would I need a user called guest? Is it necessary, and does it give me a security hole?

 

A little background. I'm running a samba server on this system, and I think the guest user is there to allow printing, without a log in by the end users. ( my family ).

 

I found a sym link in /home pointing to my home directory. Just a guess, does this give anyone connecting as 'guest' access to my home directory?

 

Second question, is about the root passwd. If I open a konsole, and su, the password I use works, I get root privileges, as expected. If I use ctrl + alt + f1 to get a command prompt, type 'root' and use the password that works from a konsole and su, the password fails.

 

I don't understand why it works with su and not through a tty.

 

How can I fix this, I would like one password that works for both.

 

I must admit, security is not my long suite...

[pindakoe]

Can't help you about the guest user, but I would indeed remove it if unused (and give your family proper logins -- I believe that guest's files are cleaned out after logoff).

 

It is possible to restrict from which ttys you can logon as root using PAM, see file /etc/pam.d/login. The file /etc/securetty lists the consoles from which you can logon as root. You can always logon as root from an xterm started in your own Xwindows environment. PAM has many many options -- do some googling. Here is a starter: link.

[camorri]

Thank-you for the response. I read the link information. I must admit I have some more reading to do.

 

I looked at /var/log/auth.log and found this - "pam_securetty(login:auth): access denied: tty 'tty2' is not secure !".

 

I see this is why I can not log through tty1 or tty2.

 

I will some more reading...