On Thu, Jun 10, 1999 7:44 AM, Erik M. Winkler <mailto:Erik.Winkler@ey.com>
wrote:
>Still having telnet problems.  Below is the response I get using
>BetterTelnet.
>
>NetBSD/mac68k (demon) (ttyp0)
>
>login: root
>Password:
>root login refused on this terminal.
>login: ewinkler
>Password:
>ewinkler login refused on this terminal.
>login: ewinkler
>Password:
>Login incorrect
>
>The last is for an incorrectly entered password.  Anyone know what is
>causing this?  Only root is part of the wheel group.
>
>Erik
>
This is a message I wrote to MkLinux-Setup, 
Subject: Re: cannot login as root



See: man group , man ttys , man su

The rule(s) in the UNIX world:
  You logon as yourself.  And when needed, you   su    to root.
  You logon as root from the console only.

 It is normal practice to logon as root only at secure stations,
and this means only via the console. In all other cases
you logon as a user of group root (or wheel on *BSD) and su to
root when needed. This forces anyone attempting to gain root
access to your machine to know a valid  username:password 
combination first.

Then there is the risk of doing damage to the system by logging in
as root all the time or walking away from the workstation while 
logged in as root. Most work on the system can be performed as a
normal user. 

Logging in as root except at the console (to recover from a crash
or other disaster)  is a sign of inexperience and bad work habits.

Restricting Access consists of controlling:

Physical Access to the:
  server
  network
  workstations

Electronic Access from:
  LAN
  WAN      
  Dial-up
  Remote console sessions

File Access
  User and Group permissions







  " Stamp out root login's  .  .  .  .  su "
    --Bruce Anderson Programming/Networking Student DCTC