su to disabled accounts?
To get around some permissions with apache, I have created a "webauthor" account, which is the owner of files in my /var/www/html directory. The group of these files is set to "apache". A trusted set of users are set up (via sudo) to be able to su to this account (to edit the website), so that no-one has the password for it. (sudo should log the attempts). I would like to set this account to "disabled" to prevent people attempting logins on it, but this prevents users from su'ing into it. I know that /bin/nologin can be used as a shell, but would this prevent access to the account via things like X, or possibly still allow ssh to verify a correct password?
Is there a way to allow users to su to a disabled account? (Or can the password be set so that it is unusable, but the account "enabled"?)
Last edited by sat86; 01-24-2005 at 05:18 AM.