SUMMARY: Forcing users to su to an account

From: GC-Richardson, Chris (
Date: Thu Jun 29 2000 - 13:12:04 CDT

Thanks for all the replies. Unfortunately I did not state my question
clearly. I asked:

> Does anyone know how to disable logins for users other than root?
We would
> like to restrict all direct logins by all but end users, so that
> requiring priviledged access (oracle) has to su into the account.
Found one
> hit on Sunsolve the did not work.

We are not trying to restrict users from logging in or to make a box that
only root can log in to.

What I meant to ask is: I know how to disable logins to a server with
/etc/nologin. We currently disable remote root logins, users have to su to
the root account.

  Does anyone know how remote logins as other users such as Oracle can be
forced to su to the account?

Here are the respondents:

Joseph Shatzkamer
Anita Myles
Dennis Kim
Lonnie Ratliff
Adrian Singh
James Ford
Doug Bolon
Dylan Carlson
Tim Lindgren
Mark Luntzel
Chris O'Neal
Lopaka Delp
Jonathan Loh
Carlos Alonso
Dieter Gobbers
Gabriel Rosenkoetter
Chad Price

Fortunately some people understood what I was looking for. We would like
oracle to be inaccessible from any means except by suing to the account from
a user login.

The most likely approach was sent by Adrian Singh:

Put this in the users .profile

if [[ 'who -m | awk '{print $1}'' == oracle ]]
                echo you can only use su to access this account
                exit 1

Others suggested using sudo. If you have any relevant info on how to force
users to su into an account. That is welcome.


Chris Richardson
Genesis Consultant
Norwest Financial Information Services Group
pager 849-3379
email pager

U BEFORE POSTING please READ the FAQ located at
. and the list POLICY statement located at
A To submit questions/summaries to this list send your email message to:
A To unsubscribe from this list please send an email message to:
E and in the BODY type:
R unsubscribe sun-managers
S Or
. unsubscribe sun-managers original@subscription.address
L To view an archive of this list please visit:

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:14:11 CDT