From: Mick
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Block root user from login on xorg GUI
Date: Thu, 12 Nov 2009 22:15:49 +0000

On Thursday 12 November 2009 21:56:00 Alan McKinnon wrote:
> On Thursday 12 November 2009 23:46:27 Mick wrote:
> > On Thursday 12 November 2009 21:34:24 Paul Hartman wrote:
> > > On Thu, Nov 12, 2009 at 2:01 PM, Mick wrote:
> > > > I should know how to do this ...
> > > >
> > > > It isn't as simple as commenting out vc7 in /etc/securetty, right?
> > > > The persistent offenders would try to start another X session on a
> > > > different vc.
> > > >
> > > > Is there a trick I could add in /etc/pam.d/login or one of the
> > > > /etc/pam.d/gdm* files perhaps?
> > >
> > > How do you start X? Do you use xdm/kdm/gdm or do you just "startx" or
> > > use some other method?
> >
> > This box is configured to start X with gdm and it does not have kdm
> > installed.
>
> http://www.google.com/search?q=block+root+login+gdm&ie=UTF-8&oe=UTF-8
>
> Hits #1, 2 and 3

Thank you Alan, hadn't seen #1 which aligns with #3. It seems legit so I will
try this in /etc/pam.d/gdm:

auth required pam_succeed_if.so user != root quiet

-- 
Regards,
Mick
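
A check on where that rule sits in the auth stack, added here as an example and not part of the original message: PAM returns success as soon as a `sufficient` module succeeds, so the `pam_succeed_if.so` line only blocks root if it is evaluated first. The function name, status strings and sample service files are constructed for illustration, and `include`d files are reported rather than followed.

```python
import re
# Controls that can return success before later lines are evaluated.
SHORT_CIRCUIT = re.compile(r"^sufficient$|success=done")

def audit_root_block(pam_text):
    """Return (status, line_no) for the auth stack of one PAM service file.
      'enforced'    deny rule at line_no is reached before anything can end the stack
      'bypassable'  the module at line_no can return success before the rule
      'unverified'  the include at line_no precedes the rule and is not followed
      'missing'     no required/requisite 'user != root' rule in the auth stack
    """
    risk, risk_line = None, None
    for no, raw in enumerate(pam_text.splitlines(), 1):
        tok = raw.split("#", 1)[0].split()          # drop comments, tokenize
        if len(tok) < 3 or tok[0].lstrip("-") != "auth":
            continue
        if tok[1].startswith("["):                  # bracketed [value=action ...] control
            end = next((i for i, t in enumerate(tok) if t.endswith("]")), len(tok) - 1)
            control, rest = " ".join(tok[1:end + 1]), tok[end + 1:]
        else:
            control, rest = tok[1], tok[2:]
        if control == "include":
            if risk is None:
                risk, risk_line = "unverified", no
            continue
        if not rest:
            continue
        module, args = rest[0].rsplit("/", 1)[-1], rest[1:]
        deny = module == "pam_succeed_if.so" and any(
            args[i:i + 3] == ["user", "!=", "root"] for i in range(len(args)))
        if deny and control in ("required", "requisite"):
            return (risk or "enforced", risk_line or no)
        if SHORT_CIRCUIT.search(control) and risk != "bypassable":
            risk, risk_line = "bypassable", no
    return ("missing", None)

# Constructed service files, not taken from any distribution.
GOOD = """\
#%PAM-1.0
auth  required    pam_succeed_if.so user != root quiet
auth  include     system-auth
"""
BAD = """\
auth  sufficient  pam_unix.so nullok
auth  required    pam_succeed_if.so user != root quiet
"""

if __name__ == "__main__":
    print(audit_root_block(GOOD), audit_root_block(BAD))
```

Skip-count controls such as `[success=1 ...]` are not modelled, so an 'enforced' result on a stack that uses them still needs a manual read.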