MOTD File?

Anyone know how to change the location of the MOTD file from the default /etc/motd?

An annoying person with root access has found out how to edit the file and change my MOTDs.

Help me.

What OS are you using?
If it's Linux, you can attempt to deter him using attributes...

Otherwise, restrict his access...

if he has root access he can do much more than this... find him one way or another... start by changing the root password...

If you are the System Administrator then you should change the root password and keep it a secret from the users. For reasons of security, I would suggest that root password should be changed at regular intervals (say, once a month) or if an unauthorised person needs to gain temporary root access, change it and give them the CHANGED root password then change it back when they are finished.

If you have a Solaris sytem, you could set the system up so that only the console can log in as root then set up 'su logging'. Then anyone who wants to go in as root will have to 'su' to root at which time a log of the user entering root will be put in /var/adm/sulog. You should be able to find out which user is doing it, if you don't know, and you'll have evidence of them gaining access to root (through 'su').

Running Mandrake, but to be honest I'm taking a class and the teacher saw fit to give most of the users root access. =/ So changing the password is out of the question. Thank you for the replies. =)

Edit: My reasoning though was, that there's more than likely a single line of code in the login script, that points to /etc/motd as the message of the day file. Might anyone know how to change this?

Try this, it's most likely to throw off a semi-beginning user:
(as root)
# chattr +i /etc/motd

This makes the file "immutable" (sp?), so it cannot be changed, deleted, linked to, etc... even to the root user, I believe. This is, of course, until he figures out why the access will be denied, and runs chattr -i /etc/motd as root...

see the man page for chattr and lsattr for more info.

I thank you much sir.

One pesky person found a way to change the attributes back to make the file non immutable, any other more difficult ways to make this stop? I'm willing to try anything =)

Edit: posted before I was finished.

I can't think of any other way... The only thing you can do to keep root away from something is to try to obfuscate what you're doing... For example, a cron script that runs once a minute to check your file for changes, and change it back if needed. But that would be as easily defeated as the chattr trick...

If this person is root, they can do (and undo) whatever you can do...

Your user may be smart but try this. Maybe they won't catch it.

When they login to root, this will create a history file. You can chage the path of the HISTFILE so that it will not be in your / directory.

#############
# sets .sh_hist file to id of user

if [ "`tty`" = "/dev/console" ]
then
REAL=console
else
REAL=`logname`
fi

HISTFILE=/.sh_$REAL # or make some other directory than /
export HISTFILE
HISTSIZE=1000; export HISTSIZE

I edited /bin/login to not look for the motd in /etc/motd but instead in hidden file/directory =D

Thanks for all your help guys.

How did you modify /bin/login. isn't it a binary file?

I would like to see how you did that so I can utilize it. Also what OS are you using?

:smiley:

mandrake hrmm, not sure what version..

and yes it's a binary file.

just vi login

go to the the line with /etc/motd in it and edit it to a new path, but make sure the new path has as many characters in it as /etc/motd =)

Be careful though! If /bin/login gets corrupt, and no longer works, no one will see any MOTD, because no one will be able to log in.

Always backup your files before editing, so you don't get bit in the backside.

:smiley: