
How do I force someone to login as a user and su to a privileged user

Status
Not open for further replies.

Guest_imported

I have a sybase account that I want the dba to login as their normal user name and then su to sybase. What files do I need to edit to keep people from logging directly into the sybase account?
 
I've already thought of locking the account and then forcing the issue that way, but is there another way?
 
With the following, the person can login as sybase, but he will have to manually read the sybase profile (i.e. . ./.profile)


from deja:

From: Neil W Rickert (rickert+nn@cs.niu.edu)
Subject: Re: Disable remote login for given user
Newsgroups: comp.unix.solaris
Date: 2001-02-04 16:00:04 PST

"Alex Hopcroft" <ahopcroft@hemscott.net> writes:

>I have a shared user which I want to disable the capability for users to log
>directly into. I do want them to be able to su into the account from their
>own account. It's easy to do for the root user obviously, but can it be done
>for other users?

This is not perfect, but might be good enough.

Put a line in '/etc/profile'

if [ "$LOGNAME" = "thisuser" ] ; then logout ; fi

Use '/etc/.login' and csh syntax for the equivalent if this
is a csh account.

The idea is that this test is only carried out for a login shell. It
should block direct login. It will also block "su - thisuser" since
that simulates a login shell. But it should allow su without the '-'.
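
Added example (not part of the original thread or the quoted Usenet post): a variant of the /etc/profile check above that also consults `logname`, so a direct login to the shared account is refused while `su - thisuser` from a personal account still works. It assumes `logname` reports the user who originally logged in on the terminal; `SHARED_ACCOUNT`, `login_decision` and `guard_login` are hypothetical names, and `exit` is used instead of `logout` because `logout` is not a builtin in every Bourne-style shell.

```shell
#!/bin/sh
# Added example, not from the thread. Guard meant to be sourced from /etc/profile.
SHARED_ACCOUNT="thisuser"   # placeholder account name used in the post

# login_decision ACCOUNT ORIGIN
#   ACCOUNT: account the login shell runs as (normally $LOGNAME)
#   ORIGIN:  user who authenticated on this terminal (normally `logname` output)
# Prints "deny" for a direct login to the shared account, otherwise "allow".
login_decision() {
    account=$1
    origin=$2
    # Other accounts are not affected by the guard.
    if [ "$account" != "$SHARED_ACCOUNT" ]; then
        echo allow
        return 0
    fi
    # Shared account: fail closed when the origin is unknown, and refuse
    # when the terminal session itself was opened as the shared account.
    if [ -z "$origin" ] || [ "$origin" = "$SHARED_ACCOUNT" ]; then
        echo deny
        return 0
    fi
    # Someone logged in under their own name and then ran su or "su -".
    echo allow
}

# guard_login: call once from /etc/profile (read by login shells only).
guard_login() {
    origin=$(logname 2>/dev/null) || origin=""
    if [ "$(login_decision "$LOGNAME" "$origin")" = "deny" ]; then
        echo "Direct login to $SHARED_ACCOUNT is disabled; log in as yourself and use su." >&2
        exit 1
    fi
}
```

Like the original one-liner, this only runs for login shells, so it does not replace locking the account's password or restricting it in the login service configuration.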

 
Have a look at the login file in /etc/defaults; maybe you can hack something similar to the "root" entry to allow only login via the console.

IBM Certified Specialist - MQSeries
 
sudo is one way and pretty good (I use it for a lot of stuff), but if you want a simple, global solution whereby all users would need to 'su' to root (this is a good idea security-wise) then uncomment the line "CONSOLE=/dev/console" in the file /etc/default/login. This will only allow a direct login to root from the console.

Hope this helps.
 