[SUMMARY] Allowing ONLY su to a user account

From: Jason Wood (borris_8@yahoo.com)
Date: Wed Sep 27 2000 - 17:09:54 CDT

Thanks to Hendrik Visage, Cecil Whitaker, Rob Staab & David Evans.

There were a couple of suggestions to use sudo and allow "su - bv".
Change the login shell to something non-valid, but NOT /bin/false.

Cecil also had this script:
# Make sure that special ids (i.e., ids where passwords are known by
# more than one person) can only be accessed by switching user.
if [ "`who am i`" ]
then
        # The first field of "who am i" is the name used at login.
        set `who am i`
        LOGINID=$1
        export LOGINID
        readonly LOGINID
        if [ -f /etc/suid.lst ]
        then
                for i in `cat /etc/suid.lst`
                do
                        if [ "${LOGINID}" = "${i}" ]
                        then
                                echo " "
                                echo "You cannot log in directly with this id."
                                echo "You must log in as yourself and"
                                echo " switch user."
                                echo " "
                                exit 0
                        fi
                done
                unset i
        fi
fi

Well, since this is the end of the day I'll give these a try tomorrow.

Jason :)

Pinky: What will we do tonight Brain?
Brain: Same thing we do every night Pinky..try to install Windows NT!
(Saw it the other day and thought it was funny)
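
An audit counterpart to the login check above, as an added example that is not part of the original post: it reads who(1) output and reports sessions that logged in directly as an id from the list, since a session reached through su keeps the original login name in who(1). The function names, the "#" comment handling in the list file, and the sample ids and hosts other than bv are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example, not from the original post.
# Typical use:  who | direct_shared_logins /etc/suid.lst

# direct_shared_logins LISTFILE
#   Reads who(1)-style lines on stdin ("name line time ...") and prints
#   "name line" for every session whose login name is in LISTFILE.
#   Returns 2 if LISTFILE cannot be read.
direct_shared_logins() {
    list=$1
    [ -r "$list" ] || return 2
    awk -v list="$list" '
        BEGIN {
            # Load the ids, whitespace separated like the original
            # "for i in `cat /etc/suid.lst`" loop.
            while ((getline line < list) > 0) {
                sub(/#.*/, "", line)   # assumption: "#" starts a comment
                n = split(line, ids, " ")
                for (k = 1; k <= n; k++) shared[ids[k]] = 1
            }
            close(list)
        }
        # Exact match on the login name, so "bvadmin" does not match "bv".
        ($1 in shared) { print $1, $2 }
    '
}

# Constructed sample data: a two-id list and three who(1) lines.
demo() {
    tmp=${TMPDIR:-/tmp}/suid.lst.$$
    printf '%s\n' '# shared ids (constructed)' 'bv' 'oracle' > "$tmp"
    printf '%s\n' \
        'jason   pts/3   Sep 27 16:40  (ws1)' \
        'bv      pts/5   Sep 27 16:55  (ws2)' \
        'bvadmin pts/6   Sep 27 17:01  (ws3)' |
        direct_shared_logins "$tmp"
    rm -f "$tmp"
}
```

Running `demo` prints the one constructed session that logged in directly as bv; sessions that bypass the profile check (for example, ones that never source the profile) would show up the same way.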


This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:14:18 CDT