Disabling direct console login: forcing su
I wish to disallow direct console logon (on Linux, of course) to several previlige accounts, but instead want them to login as normal users and then do a su/sudo to login to a high privilege account.
Note: I do not wish to disable only root login which can be easily done via /etc/securetty I did some research on Internet and found the following code snippet useful, but I am sure there could be a smarter way to do it. /* Ensure that the user's .profile/.bash_profile is only writable by root and readable by others and then add the following at the top: ### script begin ### trap "" 1 2 3 REALUSER=`/usr/bin/who am i | /usr/bin/cut -f1 -d" "` SUUSER=`id -un` if [ "$REALUSER" = "$SUUSER" ] then logout fi ### script end ##### */ |
at a basic level use /etc/security/access.conf
|
Dear Mod
Thanks for the info but please correct me if I am wrong. Is /etc/security/access.conf standard utility present on all *nix boxes or is it some kind of additional package. A quick Googling [[http://www.rhce2b.com/clublinux/RHCE-15.shtml]] revealed that it has to be used in conjunction with PAM. I think I have quite old servers, which might not support PAM, but I am not too sure. |
totally standard file really.
|
Thanks Chris
Problem Solved! |
All times are GMT -5. The time now is 08:05 PM. |