Some Unix systems offer additional methods of protecting the root account:
The wheel group
The sudo program
A few systems provide an additional set of features, known as a trusted path and a trusted computing base (TCB). We’ll describe all of these features in the following sections.
every Unix system has an account named root,
this account is often a starting point for people who try to break
into a system by guessing passwords. One way to decrease the chance
of such break-ins is to restrict logins from all but physically
guarded terminals. If a terminal is marked as restricted, the
superuser cannot log into that terminal from the
login: prompt. (However, a legitimate user who
knows the superuser password can still use the
su command on that terminal after first logging
On an SVR4 machine, you can restrict the ability of users to log into the root account from any terminal other than the console. You accomplish this by editing the file /etc/default/login and inserting the line:
This line prevents anyone from logging in as root on any terminal other than the console. If the console is not safe, you may set this to the pathname of a nonexistent terminal.
Linux and some BSD-derived versions of Unix allow you to declare terminal lines and network ports as either secure or not secure. You declare a terminal secure by appending the word “secure” to the terminal’s definition in the file