Re: Prevent remote User login
From: Blair Barrett (bbarrett_at_nyis.net)
Date: 10/17/03
- Previous message: Glenn M. Brunette, Jr.: "Re: Prevent remote User login"
- In reply to: Glenn M. Brunette, Jr.: "Re: Prevent remote User login"
Date: Fri, 17 Oct 2003 07:50:19 -0400
To: "Glenn M. Brunette, Jr." <glenn.brunette@sun.com>
Noel,
We create the role account and then lock it. We allow access
through Sudo:
http://www.courtesan.com/sudo/
It's relatively straightforward, and you can restrict the ability to
switch user based on groups. We also by default change the permissions
on both instances of su (/usr/bin/su and /sbin/su) so that only root
can execute it.
We've been doing this for years - it works on most flavors of Unix
including Solaris.
The user simply switches user to the locked account by typing
/usr/local/bin/sudo su - [account] (or simply sudo su - ... if
/usr/local/bin is in the user's PATH statement).
They will be prompted for their own password, and once successfully
authenticated will be switched to the account.
Blair
> Noel del Rosario wrote:
>> Glenn,
>> Is there something that could prevent a user from doing a remote
>> login
>> to another valid user_id account (say 'oracle' or '9ias') but
>> allows them to do 'su - oracle' or 'su - 9ias' after they
>> successfully log in remotely using their own user_id account
>> (say 'rosario' or 'watanabe').
>> cheers,
>> noel
>
>
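
A sudoers fragment for the setup described in the message above, added here as an illustration and not taken from the original post or from the sudo project. The group names dba and ias are assumptions; oracle and 9ias are the role accounts named in the thread, and the fragment presumes those accounts are already locked and su is executable by root only, as the message describes.

```sudoers
# /etc/sudoers fragment (edit with visudo so syntax errors are caught).
# Constructed example: the groups dba and ias are hypothetical.

# Pin the full argument list. When a sudoers command is written with
# arguments, the arguments the user types must match them exactly, so
# these aliases do not permit "su -" (root) or "su - <other account>".
Cmnd_Alias SU_ORACLE = /usr/bin/su - oracle
Cmnd_Alias SU_9IAS   = /usr/bin/su - 9ias

# Members of each group may run only their own role switch. sudo asks
# for the invoking user's own password by default, so the role account
# needs no usable password of its own.
%dba ALL = (root) SU_ORACLE
%ias ALL = (root) SU_9IAS

# Too broad, shown for contrast and left commented out: a command with
# no arguments in sudoers accepts any arguments, including a switch to
# root.
# %dba ALL = (root) /usr/bin/su
```

Each successful or refused `sudo su - oracle` is logged by sudo with the invoking user's name, which gives the per-person audit trail that direct logins to a shared account lack.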