Re: Prevent remote User login

From: Blair Barrett (
Date: 10/17/03

  • Next message: Wheeler, Randy: "RE: Prevent remote User login"
    Date: Fri, 17 Oct 2003 07:50:19 -0400
    To: "Glenn M. Brunette, Jr." <>


    We create the role account and then lock it. We allow access
    through Sudo:

    It's relatively straightforward, and you can restrict the ability to
    switch user based on groups. We also by default change the permissions
    on both instances of su (/usr/bin/su and /sbin/su) so that only root
    can execute it.

    We've been doing this for years - it works on most flavors of Unix
    including Solaris.

    The user simply switches user to the locked account by typing

    /usr/local/bin/sudo su - [account] (or simply sudo su - ... if
    /usr/local/bin is in the user's PATH statement).

    They will be prompted for their own password, and once successfully
    authenticated will be switched to the account.


    > Noel del Rosario wrote:
    >> Glenn,
    >> Is there something that could prevent a user to do a remote
    >> login
    >> to another valid user_id account (say 'oracle' or '9ias' ) but
    >> allows them to do 'su - oracle' or 'su - 9ias' after they
    >> successfully login remotely using their own user_id account (
    >> say 'rosario' or 'watanabe' ). cheers,
    >> noel
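
One way to audit the setup described in this message (locked role account, su not executable by ordinary users, a group-based sudo rule), added here as an example and not part of the original post. The function names, the group name `dba`, and the sample shadow and sudoers lines are assumptions constructed for illustration; the paths are parameters so the checks can be run against copies of the real files.

```shell
#!/bin/sh
# Added example: audit checks for a locked role account reached via "sudo su - ACCOUNT".

# Role account is locked: Solaris passwd -l stores *LK*, Linux prefixes the hash with '!'.
is_locked() {  # is_locked SHADOW_FILE ACCOUNT
    field=$(awk -F: -v u="$2" '$1 == u { print $2 }' "$1")
    case "$field" in
        '*LK*'*|'!'*) return 0 ;;
        *) return 1 ;;   # unlocked, or account not found
    esac
}

# su has no group or other execute bit (on a real host, also confirm the owner is root).
su_owner_only() {  # su_owner_only PATH
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c1-10)
    case "$perms" in
        ??????[xs]???|?????????[xt]) return 1 ;;
        *) return 0 ;;
    esac
}

# A non-comment sudoers line lets %GROUP run "su - ACCOUNT".
# Simple text match, not a full sudoers parser.
sudo_rule_present() {  # sudo_rule_present SUDOERS_FILE GROUP ACCOUNT
    grep -v '^[[:space:]]*#' "$1" | grep "^%$2[[:space:]]" | grep -q "/su - $3\$"
}

audit_demo() {
    d=$(mktemp -d) || return 1
    # Constructed sample data: "oracle" is locked, "rosario" has a normal (fake) hash.
    printf '%s\n' 'oracle:*LK*:12345::::::' 'rosario:$1$fakehash:12345::::::' > "$d/shadow"
    # "dba" is a hypothetical group name.
    printf '%s\n' '# role access' '%dba ALL = (root) /usr/bin/su - oracle' > "$d/sudoers"
    : > "$d/su" && chmod 4700 "$d/su"   # stand-in for /usr/bin/su
    rc=0
    is_locked "$d/shadow" oracle || { echo "oracle is not locked"; rc=1; }
    su_owner_only "$d/su" || { echo "su is executable by non-owner"; rc=1; }
    sudo_rule_present "$d/sudoers" dba oracle || { echo "no sudo rule for oracle"; rc=1; }
    rm -rf "$d"
    return $rc
}

audit_demo && echo "role account setup OK"
```

On a real system the arguments would be /etc/shadow, each su binary in turn, and the sudoers file, all read as root.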
