Original question:
Dear SMs,
Is the package 'sudo' really needed to only allow an 'su' to an
account?
What about adding the following lines at the top of the .profile?
$ cat .profile
trap "echo Sorry" 2 3
usr1=`who -m|/usr/bin/awk '{print $1}'`
usr2=`/usr/ucb/whoami|/usr/bin/awk '{print $1}'`
echo $usr1 $usr2
if [ "$usr1" = "$usr2" ]
then
exit
fi
.. and of course change the ownership to root of the .profile.
This way the user cannot login directly and has to do an 'su' to the
user account.
Thanks
Answer:
Right idea wrong file. Add the following lines to the top of
/etc/profile if you only want users to 'su' to the 'joeblock' account
and deny any direct login via telnet:
trap "" 2 3
usr1=`who -m|/usr/bin/awk '{print $1}'`
usr2=`/usr/ucb/whoami|/usr/bin/awk '{print $1}'`
if [ "$usr2" = "joeblock" ]
then
if [ "$usr1" = "$usr2" ]
then
exit
fi
fi
Thanks to all who replied.
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:11:42 CDT