How to do it...

Let's learn how to edit the two files mentioned before to apply different restrictions to user access on a Linux system:

  1. First, we will check the content of the /etc/securetty file using the more command:
more /etc/securetty

As we can see in the preceding screenshot, the file specifies the Terminals on which root is allowed to log in.

  1. Now, edit the file using any editor of your choice and comment out the tty1 entry as shown here:

Save and exit the editor after making the changes mentioned in the preceding step.

  1. Now, switch to Terminal tty1 by running the command chvt 1. If we try to log in as root now, we will get the following result:

We can see that access was denied to the root account by the system. If we wish to still get root privileges, we have to first log in as a normal user and then use the sudo or su command.

  1. From the same Terminal, when we try to log in from a normal user account, we get logged in as seen here:

  1. We have already seen how to use the /etc/securetty file to specify access for the root account from any Terminal. Now, let's see how to allow or deny access to specific users.
  2. The first thing to do is to modify the /etc/pam.d/login file and add the pam_access.so module. This will allow PAM to scan the /etc/security/access.conf file and check for the rules defined by us.

So we open /etc/pam.d/login, find the line that states #account required pam_access.so, and remove the # to uncomment the line:

  1. Next, we will define a rule in /etc/security/access.conf. Open the file in any editor and define a rule according to the following syntax:
permission : users : origins
  1. If we want to deny access to the root account from Terminal tty1 we use the following rule:

  1. To deny access to user1 we use the following rule:

  1. If we want to specify multiple usernames in the same rule, we can do it as shown in this rule:
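The following is an added example, not code or rules from the book: a small Python evaluator for the permission : users : origins syntax, showing how pam_access picks the first matching rule and grants access when nothing matches. The sample rules and usernames are constructed for illustration, and the parser is simplified (it handles +, -, space-separated lists and ALL, but not EXCEPT, groups or network origins).

```python
# Added example: evaluates access.conf-style rules (permission : users : origins).
# Simplified on purpose: no EXCEPT, no @groups, no host/network origins.

SAMPLE_RULES = """\
# constructed sample rules, not taken from the book
- : root : tty1
- : user1 : ALL
- : user2 user3 : tty2 tty3
"""

def parse_rules(text):
    """Return (permission, users, origins) tuples, skipping comments and blank lines."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) != 3 or fields[0] not in ("+", "-"):
            raise ValueError(f"line {lineno}: malformed rule: {raw!r}")
        perm, users, origins = fields
        if not users or not origins:
            raise ValueError(f"line {lineno}: empty users or origins field")
        rules.append((perm, users.split(), origins.split()))
    return rules

def _matches(item, candidates):
    # ALL is the wildcard keyword; otherwise require an exact name match.
    return "ALL" in candidates or item in candidates

def is_allowed(rules, user, origin):
    """The first matching rule decides; with no match, access is granted."""
    for perm, users, origins in rules:
        if _matches(user, users) and _matches(origin, origins):
            return perm == "+"
    return True

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_RULES)
    attempts = [("root", "tty1"), ("root", "tty2"), ("user1", "tty4"),
                ("user3", "tty2"), ("user3", "tty1")]
    for user, tty in attempts:
        verdict = "allowed" if is_allowed(rules, user, tty) else "denied"
        print(f"{user:6} on {tty}: {verdict}")
```

Because an unmatched login is allowed, a deny-by-default policy needs a final catch-all rule such as - : ALL : ALL after the explicit entries.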
