camorri Posted April 11, 2009 Report Share Posted April 11, 2009 First of all, why would I need a user called guest? Is it necessary, and does it give me a security hole? A little background. I'm running a samba server on this system, and I think the guest user is there to allow printing, without a log in by the end users. ( my family ). I found a sym link in /home pointing to my home directory. Just a guess, does this give anyone connecting as 'guest' access to my home directory? Second question, is about the root passwd. If I open a konsole, and su, the password I use works, I get root privileges, as expected. If I use ctrl + alt + f1 to get a command prompt, type 'root' and use the password that works from a konsole and su, the password fails. I don't understand why it works with su and not through a tty. How can I fix this, I would like one password that works for both. I must admit, security is not my long suite... Link to comment Share on other sites More sharing options...
pindakoe Posted April 11, 2009 Report Share Posted April 11, 2009 Can't help you about the guest user, but I would indeed remove it if unused (and give your family proper logins -- I believe that guest's files are cleaned out after logoff). It is possible to restrict from which ttys you can logon as root using PAM, see file /etc/pam.d/login. The file /etc/securetty lists the consoles from which you can logon as root. You can always logon as root from an xterm started in your own Xwindows environment. PAM has many many options -- do some googling. Here is a starter: link. Link to comment Share on other sites More sharing options...
camorri Posted April 11, 2009 Author Report Share Posted April 11, 2009 Thank-you for the response. I read the link information. I must admit I have some more reading to do. I looked at /var/log/auth.log and found this - "pam_securetty(login:auth): access denied: tty 'tty2' is not secure !". I see this is why I can not log through tty1 or tty2. I will some more reading... Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now