I found, under a 64-bit CentOS 5 workstation install, it is possible to modify /etc/inittab and add a couple of lines to prevent root from logging into the console.
I found, under a 64-bit RHEL 5 server install, adding the same two lines completely breaks the OS, to the point that a reboot after the lines are added, the OS brings you to a fsck-like prompt, and other things break, too. I didn't have time to look at the logs for specifics, if any were recorded.
Does anyone know if a CentOS 5 server install option permits locking out root from console login? Does anyone know of a way, in RHEL 5 Server edition, to prevent root from a console login?
Thanks.
Scott
On Wed, 2007-08-08 at 06:58 -0400, Scott Ehrlich wrote:
> I found, under a 64-bit CentOS 5 workstation install, it is possible to modify /etc/inittab and add a couple of lines to prevent root from logging into the console.
/etc/securetty is the right place to configure this, see the securetty(5) manual page and http://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-sec-network.html...
-- Daniel
On 8/8/07, Scott Ehrlich scott@mit.edu wrote:
> I found, under a 64-bit CentOS 5 workstation install, it is possible to modify /etc/inittab and add a couple of lines to prevent root from logging into the console.
> I found, under a 64-bit RHEL 5 server install, adding the same two lines completely breaks the OS, to the point that a reboot after the lines are added, the OS brings you to a fsck-like prompt, and other things break, too. I didn't have time to look at the logs for specifics, if any were recorded.
That's rather odd. The two files are (or should be) identical.
> Does anyone know if a CentOS 5 server install option permits locking out root from console login? Does anyone know of a way, in RHEL 5 Server edition, to prevent root from a console login?
You can edit /etc/securetty, which controls what root is allowed to log in from. In reality, I'd leave the console there, but block ssh and most of the other ones. You'll want root access at the console if something catastrophic happens and you need to recover. If they've got local access to the machine, it's basically theirs anyway.
While you're using CentOS 5, most of these -> http://centos.org/docs/4/html/rhel-sg-en-4/s1-wstation-privileges.html should work just the same for you.
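
The /etc/securetty approach recommended in the replies above, as an added example that is not part of the original thread: a shell function that reports which terminals pam_securetty trusts for root logins. The function names, status strings and sample files are constructed for illustration; on a real host the arguments would be /etc/securetty and /etc/pam.d/login.

```shell
#!/bin/sh
# Added example: report which terminals pam_securetty lets root log in on.
# File paths are arguments, so it can be run against copies of the real files.

# Print securetty entries with comments, trailing blanks and empty lines removed.
securetty_entries() {
    sed -e 's/#.*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$1"
}

# Label one entry by the kind of device it names.
classify_tty() {
    case "$1" in
        console)              echo system-console ;;
        tty[0-9]*|vc/[0-9]*)  echo virtual-console ;;
        ttyS[0-9]*)           echo serial ;;
        pts/*)                echo pseudo-terminal ;;
        *)                    echo other ;;
    esac
}

# audit_securetty SECURETTY PAM_FILE
# Prints "<entry> <kind>" per line, then a single STATUS line.
audit_securetty() {
    if ! grep -Eq '^[[:space:]]*auth[[:space:]].*pam_securetty\.so' "$2" 2>/dev/null; then
        echo "STATUS not-enforced"        # this PAM service never consults securetty
        return 0
    fi
    if [ ! -e "$1" ]; then
        echo "STATUS missing-file"        # pam_securetty then permits root on any tty
        return 0
    fi
    count=$(securetty_entries "$1" | grep -c . || true)
    securetty_entries "$1" | while read -r entry; do
        echo "$entry $(classify_tty "$entry")"
    done
    if [ "$count" -eq 0 ]; then
        echo "STATUS root-denied-everywhere"   # empty file: no tty is trusted for root
    else
        echo "STATUS root-allowed-on-$count"
    fi
}

# Constructed sample files (not taken from a real host).
demo_dir=$(mktemp -d)
printf 'auth required pam_securetty.so\n' > "$demo_dir/login"
printf '# local consoles only\nconsole\ntty1\nttyS0\n' > "$demo_dir/securetty"
audit_securetty "$demo_dir/securetty" "$demo_dir/login"
rm -rf "$demo_dir"
```

The audit only covers services whose PAM stack includes pam_securetty; a service without that line reports `not-enforced` regardless of the file's contents.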