Turning a Linux user into a role
I've had the idea presented to me of a Linux user that doesn't have an interactive login set up and the password disabled for it to be converted to a 'role' so that other Linux users can link to this role and enable interactive session. I'm looking for resource that can explain how this concept can be implemented? The example given to me is along these lines:
"Give a linux account bash shell and then not set a password for the account (a !! in the password field in /etc/shadow). This disallows direct logins but would allow 'sudo -iu mysql'. This would turn this account into a role which another account linux user has to assume and enforces that account interactive session for the now 'role' account user which can be linked to a person i.e. another linux user.
This is not explained very well, but if anyone here provide further clarity on what I maybe talking about, that would be helpful.
|