Re: Prevent remote User login
From: Blair Barrett (bbarrett_at_nyis.net)
Date: Fri, 17 Oct 2003 07:50:19 -0400
To: "Glenn M. Brunette, Jr." <firstname.lastname@example.org>
We create the role account and then lock it. We allow access
It's relatively straightforward, and you can restrict the ability to
switch user based on groups. We also by default change the permissions
on both instances of su (/usr/bin/su and /sbin/su) so that only root
can execute it.
We've been doing this for years - it works on most flavors of Unix
The user simply switches user to the locked account by typing
/usr/local/bin/sudo su - [account] (or simply sudo su - ... if
/usr/local/bin is in the user's PATH statement).
They will be prompted for their own password, and once successfully
authenticated will be switched to the account.
> Noel del Rosario wrote:
>> Is there something that could prevent a user to do a remote
>> to another valid user_id account (say 'oracle' or '9ias' ) but
>> allows them to do 'su - oracle' or 'su - 9ias' after they
>> successfully login remotely using their own user_id account (
>> say 'rosario' or 'watanabe' ). cheers,
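
An added sketch, not part of the original message: a shell audit of the two settings described in the reply above, that the role account is locked and that su can be executed by root only. The shadow entries and `ls -l` lines are constructed samples, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example. Sample data below is constructed; nothing here reads
# the real /etc/shadow or the real su binaries.

# is_locked SHADOW_FILE ACCOUNT
# 0 = password field marks the account locked, 1 = not locked,
# 2 = no entry for ACCOUNT. "*LK*" is what Solaris `passwd -l` writes;
# a leading "!" is the Linux convention.
is_locked() {
    field=$(awk -F: -v u="$2" '
        $1 == u { print $2; found = 1 }
        END     { if (!found) exit 2 }' "$1") || return 2
    case "$field" in
        '*LK*'*|'!'*) return 0 ;;
        *)            return 1 ;;
    esac
}

# su_root_only "LS_L_LINE"
# Takes one line of `ls -l` output for an su binary. Succeeds only if the
# owner is root and neither group nor other has anything in its execute slot.
su_root_only() {
    printf '%s\n' "$1" | awk '
        { gx = substr($1, 7, 1); ox = substr($1, 10, 1)
          ok = ($3 == "root" && gx == "-" && ox == "-") }
        END { exit !ok }'
}

# Constructed shadow-format sample: oracle is locked, 9ias is not.
SAMPLE_SHADOW=${TMPDIR:-/tmp}/shadow.sample.$$
trap 'rm -f "$SAMPLE_SHADOW"' EXIT
cat > "$SAMPLE_SHADOW" <<'EOF'
root:Xq3constructedhash:12000::::::
oracle:*LK*:12000::::::
9ias:Zk9constructedhash:12000::::::
rosario:Ab1constructedhash:12000::::::
EOF

for acct in oracle 9ias; do
    if is_locked "$SAMPLE_SHADOW" "$acct"; then
        echo "$acct: locked"
    else
        echo "$acct: NOT locked"
    fi
done

# Constructed `ls -l` line; on a real host pass "$(ls -l /usr/bin/su)".
su_root_only "-r-s------ 1 root sys 30000 Oct 17 2003 /usr/bin/su" \
    && echo "/usr/bin/su: root-only" || echo "/usr/bin/su: others can execute"
```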