How to control root login on ttySx with systemd

Hello!
I updated from 11.4 .to 12.1 and nearly all services are up and runnig again.

What i couldn’t figure out is how to prevent root login on /dev/ttyS0 with systemd-logind.
systemd-logind seems to replace /bin/login and so doesn’t honour files like /dev/securetty (is this true?)

My ttyS0 is internally connencted to a HP-iLO Card so has added security by a first login to Ilo befor reaching the console. But i still like the idea of added securty by definately preventing root also on ttyS0.
Can anyone point me in the right direction?

Thanks for helping!

Tom

On 2011-12-10 16:36, thomasbuehlmann wrote:

> What i couldn’t figure out is how to prevent root login on /dev/ttyS0
> with systemd-logind.
> systemd-logind seems to replace /bin/login and so doesn’t honour files
> like /dev/securetty (is this true?)

I would ask in the mail list… Some devs are there.


Cheers / Saludos,

Carlos E. R.
(from 11.4 x86_64 “Celadon” at Telcontar)

Thanks for your answer.

I’ll try the opensuse-de list!

-Tom

Hello!

Just for the record:
After a (long) bit of testing i found out:
On my system the kernel has te line “console=ttyS0” with it.
This means, that pam_securetty.so will ALWAYS let root login, since it treats it as a secure console
adding “noconsole” option to pam_securetty solves the problem.
It actually states so in the man page, but i was searching with systemd-logind first…

– Tom