Because every Unix system has an account named root, this account is often a starting point for people who try to break into a system by guessing passwords. One way to decrease the chance of such break-ins is to restrict logins from all but physically guarded terminals. If a terminal is marked as restricted, the superuser cannot log into that terminal from the login: prompt. (However, a legitimate user who knows the superuser password can still use the su command on that terminal after first logging in.)

On an SVR4 machine, you can restrict the ability of users to log into the root account from any terminal other than the console. You accomplish this by editing the file /etc/default/login and inserting the line:

CONSOLE=/dev/console

This line prevents anyone from logging in as root on any terminal other than the console. If the console is not safe, you may set this to the pathname of a nonexistent terminal.

Linux and some BSD-derived versions of Unix allow you to declare terminal lines and network ports as either secure or not secure. You declare a terminal secure by appending the word “secure” to the terminal’s definition in the file