How to restrict direct root login

[student123*]

Eventhough users know the root credentials how to restrict them from direct login as root user. They can login as non root user first and then as root user.

Can anyone give me the material or provide some url for learning the perl script.

[kurtdriver]

Eventhough users know the root credentials how to restrict them from direct login as root user. They can login as non root user first and then as root user.
Can anyone give me the material or provide some url for learning the perl script.

The perl script you're thinking of might be Bastille. I think it's been rewritten in python or some other language. Are people logging into the root account through the GUI or the Virtual Console? Why do so many people have the root password? That's not considered safe.

[student123*]

people will login thru virtual console. Not so many users were provided with root credentials only 3 users for operational purpose. Now direct root login is not working. First i am able to login as non-root user and then i am able to login as root.

I want to know how this can be configured like that.

[kurtdriver]

For a non-priveledged user to become root, he/she can type su. The computer will then ask for the root password. That's not a bad way to do it, as it restricts root to people who have a non-priveledged login. Sudo is a similar program, but lets selected individuals have root access to particular programs on a one time basis, and with their own login, rather that root's. This would allow restriction of the root password while allowing specified users to perform administrative tasks. Many distros use a program called securetty to prevent root from logging in directly. If you're running ssh I would strongly urge you to disable root logins from remote locations. This would be done in a file called ssh_config. Kurt

[Lazydog]

Stopping root login