Jump to content
  • Announcements

    • spinynorman

      Mandriva Official Documentation

      Official documentation for extant versions of Mandriva can be found at doc.mandriva.com.   Documentation for the latest release may take some time to appear there. You can install all the manuals from the main repository if you have Mandriva installed - files are prefixed mandriva-doc.
    • paul

      Forum software upgrade   10/29/17

      So you may have noticed the forum software has upgraded !!!
      A few things that have changed. We no longer have community blogs (was never really used) We no longer have a portal page.
      We can discuss this, and decide whether it is needed (It costs money) See this thread: Here

Two security questions

Recommended Posts

First of all, why would I need a user called guest? Is it necessary, and does it give me a security hole?


A little background. I'm running a samba server on this system, and I think the guest user is there to allow printing, without a log in by the end users. ( my family ).


I found a sym link in /home pointing to my home directory. Just a guess, does this give anyone connecting as 'guest' access to my home directory?


Second question, is about the root passwd. If I open a konsole, and su, the password I use works, I get root privileges, as expected. If I use ctrl + alt + f1 to get a command prompt, type 'root' and use the password that works from a konsole and su, the password fails.


I don't understand why it works with su and not through a tty.


How can I fix this, I would like one password that works for both.


I must admit, security is not my long suite...

Share this post

Link to post
Share on other sites

Can't help you about the guest user, but I would indeed remove it if unused (and give your family proper logins -- I believe that guest's files are cleaned out after logoff).


It is possible to restrict from which ttys you can logon as root using PAM, see file /etc/pam.d/login. The file /etc/securetty lists the consoles from which you can logon as root. You can always logon as root from an xterm started in your own Xwindows environment. PAM has many many options -- do some googling. Here is a starter: link.

Share this post

Link to post
Share on other sites

Thank-you for the response. I read the link information. I must admit I have some more reading to do.


I looked at /var/log/auth.log and found this - "pam_securetty(login:auth): access denied: tty 'tty2' is not secure !".


I see this is why I can not log through tty1 or tty2.


I will some more reading...

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now