I wish to disallow direct console logon (on Linux, of course) to several previlige accounts, but instead want them to login as normal users and then do a su/sudo to login to a high privilege account.

Note: I do not wish to disable only root login which can be easily done via /etc/securetty

I did some research on Internet and found the following code snippet useful, but I am sure there could be a smarter way to do it.

/*
Ensure that the user's .profile/.bash_profile is only writable by root and readable by others and then add the following at the top:

### script begin ###
trap "" 1 2 3

REALUSER=`/usr/bin/who am i | /usr/bin/cut -f1 -d" "`
SUUSER=`id -un`

if [ "$REALUSER" = "$SUUSER" ]
then
logout
fi
### script end #####
*/

at a basic level use /etc/security/access.conf

Dear Mod

Thanks for the info but please correct me if I am wrong. Is /etc/security/access.conf standard utility present on all *nix boxes or is it some kind of additional package.

A quick Googling [[http://www.rhce2b.com/clublinux/RHCE-15.shtml]] revealed that it has to be used in conjunction with PAM. I think I have quite old servers, which might not support PAM, but I am not too sure.

totally standard file really.

Thanks Chris

Problem Solved!