My original question was:
>I have a Sun Ultra 1 running Solaris 2.6. I want to create an account
>with these conditions:
> - You cannot telnet or ftp to the account.
> - The only way to get in is to su to the account and type the password.
> That way the user gets logged in /var/adm/sulog.
> - You do not need to be root to su to the account. A normal user who
> knows the password is able to su to the account.
> I want an account similar to the root account (with CONSOLE set so no
>remote login is allowed) but without special priviledges, without being
>root. Is this possible?
Thanks to the following people for their time:
Arthur Darren Dunham
Christopher L. Barnard
The concensus opinion is that I need the utility SUDO
For my particular case:
1) Create the account and lock the password. People cannot log in as that
2) Get sudo and install it. (http://www.courtesan.com/sudo)
3) Set /etc/sudoers to allow the users in question to su to the account.
User_Alias ALLOWED = juan, luis, javier
ALLOWED ALL = (account) ALL, (root) /usr/bin/su - account
4) The users can su to the account doing "sudo su - account".
Usage is logged. They will have to enter their own password not the
account password, as authentication.
Thanks to all who answered. It is much appreciated.
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:14:06 CDT