SEARCH

Enter your search query in the box above ^, or use the forum search tool.

You are not logged in.

#1 2015-05-28 11:21:04

Nili
#! Die Hard
From: 127.0.0.1
Registered: 2013-03-20
Posts: 811
Website

[SOLVED] Disable a few tty's

Hi!

I am trying to cut some tty on Debian 8 stable, on Wheezy there was a place at "/etc/inittab" that successfully disable by putting a # in respective names. I'd like to use only two getty, tty1/tty2. I don't need the rest.

On Debian 8 jessie there is no more "/etc/inittab", apparently from what i read It is substituted with "/lib/systemd/system/dbus.service", well thanks to systemD roll

there is:

[Unit]
Description=getty on tty2-tty6 if dbus and logind are not available
ConditionPathExists=/dev/tty2
ConditionPathExists=!/lib/systemd/system/dbus.service

[Service]
Type=oneshot
ExecStart=/bin/systemctl --no-block start getty@tty2.service getty@tty3.service getty@tty4.service getty@tty5.service getty@tty6.service
RemainAfterExit=true

already tried to put a "#" on tty3, tty4 etc... but after restarted i can still access all tty's from 1 to 6.
Is there any other way to disable tty3 to tty6.

Thanks in advance,
Nili

Last edited by Nili (2015-05-28 13:29:22)


# Debian GNU/Linux 8:8.2 (netinst/stable)
# Packages Installed: 541
# Linux debian 3.16.0-4-686-pae #1 SMP Debian 3.16.7-ckt11-1+deb8u4 (2015-09-19) i686 GNU/Linux
# Startup finished in 2.850s (kernel) + 6.473s (userspace) = 9.324s

Offline

Help fund CrunchBang, donate to the project!

#2 2015-05-28 12:43:42

PackRat
#! Die Hard
From: USA
Registered: 2011-03-03
Posts: 1,572

Re: [SOLVED] Disable a few tty's

Does Debian 8 still have the file:

/etc/default/console-setup

There is this line:

ACTIVE_CONSOLES="/dev/tty[1-6]"

I'm pretty sure that is the file you can now edit - came across something in the Debian wiki. There is a man page for the file as well.

There is also this - so maybe my info is obsolete.

Last edited by PackRat (2015-05-28 12:46:32)


"It does not require many words to speak the truth." - Chief Joseph, Nez Perce tribe

Offline

#3 2015-05-28 13:29:06

Nili
#! Die Hard
From: 127.0.0.1
Registered: 2013-03-20
Posts: 811
Website

Re: [SOLVED] Disable a few tty's

Hi PackRat!

First option "/etc/default/console-setup" gave no results.

On the link below the option "logind.conf" at /etc/systemd/logind.conf

[Login]
NAutoVTs=2
#ReserveVT=6
#KillUserProcesses=no
#KillOnlyUsers=
#KillExcludeUsers=root
#InhibitDelayMaxSec=5
#HandlePowerKey=poweroff
#HandleSuspendKey=suspend
#HandleHibernateKey=hibernate
#HandleLidSwitch=suspend
#PowerKeyIgnoreInhibited=no
#SuspendKeyIgnoreInhibited=no
#HibernateKeyIgnoreInhibited=no
#LidSwitchIgnoreInhibited=yes
#IdleAction=ignore
#IdleActionSec=30min
#RuntimeDirectorySize=10%
#RemoveIPC=yes

I made #NAutoVTs=6 to NAutoVTs=2
Now I have only two ttys. Thanks for the correct orientation.

Kindly regards,
Nili


# Debian GNU/Linux 8:8.2 (netinst/stable)
# Packages Installed: 541
# Linux debian 3.16.0-4-686-pae #1 SMP Debian 3.16.7-ckt11-1+deb8u4 (2015-09-19) i686 GNU/Linux
# Startup finished in 2.850s (kernel) + 6.473s (userspace) = 9.324s

Offline

#4 2015-05-28 13:45:03

PackRat
#! Die Hard
From: USA
Registered: 2011-03-03
Posts: 1,572

Re: [SOLVED] Disable a few tty's

Excellent, I'll have to try this.


"It does not require many words to speak the truth." - Chief Joseph, Nez Perce tribe

Offline

#5 2015-05-28 14:21:46

Inodoro Pereyra
#! Die Hard
From: Back in Buenos Aires
Registered: 2013-07-01
Posts: 844

Re: [SOLVED] Disable a few tty's

Hmmm... just out of curiosity, what's the advantage?  hmm

Offline

#6 2015-05-28 14:33:15

Nili
#! Die Hard
From: 127.0.0.1
Registered: 2013-03-20
Posts: 811
Website

Re: [SOLVED] Disable a few tty's

Saving a few kilobytes smile also an early fixation  tongue


# Debian GNU/Linux 8:8.2 (netinst/stable)
# Packages Installed: 541
# Linux debian 3.16.0-4-686-pae #1 SMP Debian 3.16.7-ckt11-1+deb8u4 (2015-09-19) i686 GNU/Linux
# Startup finished in 2.850s (kernel) + 6.473s (userspace) = 9.324s

Offline

#7 2015-05-28 14:57:57

Inodoro Pereyra
#! Die Hard
From: Back in Buenos Aires
Registered: 2013-07-01
Posts: 844

Re: [SOLVED] Disable a few tty's

^ Oh, ok. Thanks Nili. big_smile

Offline

#8 2015-05-28 16:32:11

PackRat
#! Die Hard
From: USA
Registered: 2011-03-03
Posts: 1,572

Re: [SOLVED] Disable a few tty's

Inodoro Pereyra wrote:

Hmmm... just out of curiosity, what's the advantage?  hmm

Some people recommend decreasing the number of ttys as a security measure.


"It does not require many words to speak the truth." - Chief Joseph, Nez Perce tribe

Offline

#9 2015-05-28 18:29:19

Nili
#! Die Hard
From: 127.0.0.1
Registered: 2013-03-20
Posts: 811
Website

Re: [SOLVED] Disable a few tty's

Didn't know security reason, good to know PackRat  wink


# Debian GNU/Linux 8:8.2 (netinst/stable)
# Packages Installed: 541
# Linux debian 3.16.0-4-686-pae #1 SMP Debian 3.16.7-ckt11-1+deb8u4 (2015-09-19) i686 GNU/Linux
# Startup finished in 2.850s (kernel) + 6.473s (userspace) = 9.324s

Offline

#10 2015-05-28 18:43:38

Inodoro Pereyra
#! Die Hard
From: Back in Buenos Aires
Registered: 2013-07-01
Posts: 844

Re: [SOLVED] Disable a few tty's

Thank you PackRat. big_smile
Could you elaborate? Security against what?

Offline

#11 2015-05-28 20:57:32

twoion
Emerald Caffeine
From: 星界
Registered: 2012-05-11
Posts: 1,648

Re: [SOLVED] Disable a few tty's

PackRat wrote:
Inodoro Pereyra wrote:

Hmmm... just out of curiosity, what's the advantage?  hmm

Some people recommend decreasing the number of ttys as a security measure.

What. Sounds like nonsense to me. What exactly should be the possible attack vector/the benefit from reducing the number of TTYs...?


Tannhäuser ~ {www,pkg,ddl}.bunsenlabs.org/{gitlog,repoidx}

Offline

#12 2015-05-28 21:19:00

Head_on_a_Stick
CatMod
From: A world of pure imagination
Registered: 2014-01-21
Posts: 4,797

Re: [SOLVED] Disable a few tty's

@OP: Disabling TTYs via /etc/logind.conf saves *no resources whatsoever*

Lennart Poettering wrote:

Traditionally, the init system on Linux machines was configured to spawn a fixed number login prompts at boot. In most cases six instances of the getty program were spawned, on the first six VTs, tty1 to tty6.

In a systemd world we made this more dynamic: in order to make things more efficient login prompts are now started on demand only. As you switch to the VTs the getty service is instantiated to getty@tty2.service, getty@tty5.service and so on. Since we don't have to unconditionally start the getty processes anymore this allows us to save a bit of resources, and makes start-up a bit faster. This behaviour is mostly transparent to the user: if the user activates a VT the getty is started right-away, so that the user will hardly notice that it wasn't running all the time. If he then logs in and types ps he'll notice however that getty instances are only running for the VTs he so far switched to.

By default this automatic spawning is done for the VTs up to VT6 only (in order to be close to the traditional default configuration of Linux systems). Note that the auto-spawning of gettys is only attempted if no other subsystem took possession of the VTs yet. More specifically, if a user makes frequent use of fast user switching via GNOME he'll get his X sessions on the first six VTs, too, since the lowest available VT is allocated for each session.

Two VTs are handled specially by the auto-spawning logic: firstly tty1 gets special treatment: if we boot into graphical mode the display manager takes possession of this VT. If we boot into multi-user (text) mode a getty is started on it -- unconditionally, without any on-demand logic.

Secondly, tty6 is especially reserved for auto-spawned gettys and unavailable to other subsystems such as X. This is done in order to ensure that there's always a way to get a text login, even if due to fast user switching X took possession of more than 5 VTs.

http://0pointer.de/blog/projects/serial-console.html

Offline

#13 2015-05-29 00:52:46

PackRat
#! Die Hard
From: USA
Registered: 2011-03-03
Posts: 1,572

Re: [SOLVED] Disable a few tty's

twoion wrote:
PackRat wrote:
Inodoro Pereyra wrote:

Hmmm... just out of curiosity, what's the advantage?  hmm

Some people recommend decreasing the number of ttys as a security measure.

What. Sounds like nonsense to me. What exactly should be the possible attack vector/the benefit from reducing the number of TTYs...?

Maybe it is - I never saw/read a detailed explanation of the why; I have just read it as part of "securing your linux" documents.

Last edited by PackRat (2015-05-29 00:53:40)


"It does not require many words to speak the truth." - Chief Joseph, Nez Perce tribe

Offline

Board footer

Powered by FluxBB

Copyright © 2012 CrunchBang Linux.
Proudly powered by Debian. Hosted by Linode.
Debian is a registered trademark of Software in the Public Interest, Inc.
Server: zapp

Debian Logo