7.1. Allow root to
login from serial console
The file /etc/securetty controls the
devices that the root
user can log in upon.
It is usually desirable to have root be able to log in from the
console, so add the basename of the serial console device to
/etc/securetty.
Almost anyone can now dial into the modem and attempt to
guess the root password.
Normally we do not allow root to log in from a remote site,
rather we have a normal user log in and then use
su or sudo
to become root. This
gives some traceability.
Unfortunately, the root user needs to be able to log in
from the console to fix a full disk. Disk subsystems typically
reserve 5% of their space for root's exclusive use.
This is enough space for the root user to log in and start
deleting the files that filled the disk.
| securetty and Red Hat's
kudzu |
---|
| kudzu automatically adds the
device being used as the console to
securetty. |