How can I restrict regular users from logging in at the console?

Added: 04/02/01

For a terminal console
If the /etc/securetty file is present, login security is in effect.
User root is only allowed to log in successfully on the ttys listed in
this file. Restricted ttys are listed by device name, one per line.
Valid tty names are dependent on the installation. So to restrict root
logins to only the console:

# echo console >/etc/securetty

The use of /etc/securetty is documented in login(1).

For a CDE console
Create a file named 'nologin' in /etc/:

# >/etc/nologin

Then add something like this to your /etc/dt/config/Xstartup file:

if pwget -n "$USER" | awk -F: '{exit !($3 == 0)}'; then
if [ -f /etc/nologin ] || \
grep '^console$' /etc/securetty >/dev/null 2>&1; then
echo "[$(date)] non-root login attempt from CDE console -" \
"access denied" >>/var/adm/console_login_attempts_log
exit 1

See dtlogin(1) for a detailed description of the Xstartup file.
Suggest a Site