[OmniOS-discuss] adding cua/a as a second login
Paul B. Henson
henson at acm.org
Thu Dec 4 22:22:55 UTC 2014
> From: Michael Mounteney
> Sent: Thursday, December 04, 2014 1:31 PM
>
> It certainly is, Jorge; thanks very much. Working very well. The
> only thing I'd like to change is to limit root to logging in on the two
> known ports /dev/console and /dev/ttya, but that's a small point.
Hmm, reviewing the source to login, if CONSOLE is set to the default
/dev/console, root login is allowed on either /dev/console or /dev/vt/*. If
it is set to anything else, root login is allowed only from the device it is
set to. If not set, root login is allowed on any device.
It would be pretty trivial to extend the current code:
} else {
if (strcmp(ttyn, Console) == 0)
return;
}
To allow CONSOLE to be a list of devices rather than a single device:
char *state;
char *test_console;
for (test_console = strtok_r(Console, ",", &state); test_console != NULL,
test_console = strtok_r(NULL, ",", &state)) {
if (strcmp(ttyn, test_console) == 0)
return;
}
I'm not sure if anything else pays attention to the CONSOLE definition in
/etc/default/login that might get confused though.
If you open a ticket in the illumos issue tracker requesting this feature, I
might take a shot at implementing it :). I'm hoping to get an illumos-gate
development environment going under omnios stable over the Christmas break
(the OI vm I was using got trashed quite a while ago, and I just can't bring
myself to install another OI box <sigh>), and this would be a simple test of
it.
More information about the OmniOS-discuss
mailing list