Restricting Superuser (root) Access on the Console
The superuser account is used by the operating system to accomplish basic functions, and has wide-ranging control over the entire operating system. It has access to and can execute essential system programs. For this reason, there are almost no security restraints for any program that is run by superuser.
You can protect the superuser account on a system by restricting access to a specific device through the /etc/default/login file. For example, if superuser access is restricted to the console, you can log in to a system as superuser only from the console. If anybody remotely logs in to the system to perform an administrative function, they must first log in with their user login and then use the su(1M) command to become superuser. See the section below for detailed instructions.
Note -
Restricting superuser login to the console is set up by default when you install a system.
- © 2010, Oracle Corporation and/or its affiliates