Previous Topic: Conditional AccessNext Topic: Protecting Regular Programs


Protecting the Login Command

We strongly recommend that you limit the use of /bin/login to the superuser only. Otherwise, any user who knows another user's password can log in as another user and supply the other user's password to bypass all surrogate and terminal restrictions.

To change the /bin/login permissions in selang, use the following command:

chres LOGINAPPL /bin/login defaccess(N) owner(root)