SUMMARY:Login to locked accounts

From: sridhara pk <sridharapk_at_rediffmail.com>
Date: Thu Mar 04 2004 - 20:30:43 EST
Hello Managers,
I am pasting the summary for the problem below.
The problem
was:

I want to configure a LOGIN ID in such a way that the account
should be
locked and also ordinary users should be able to do "su" into that
account and
get a shell to work.Is there any possibility of doing this?


SUMMARY:
1. One
way is to make the home dir of the user (i.e. testuser)
non-writable to the
owner and then place a .profile in there that does a
"trap "" 2; exit". Anyone
doing a direct login will run the .profile and
exit out. This won't stop "r"
commands unless you shut them off.

3. Since you're running Solaris 8, you can
use RBAC (Role Based Access
Control) to do this.  Create testuser as a role
and assign that role to
the users you want to be able to access it. The OE
documentation will
give you the details on how to do this.

you can make
testuser a role with solaris 8 or 9's /etc/user_attr table.

add this to
/etc/user_attr:
testuser::::type=role;auths=solaris.*,solaris.grant;profiles=All
usertousesu::::type=normal;auths=solaris.system.dat;roles=testuser;profile
s=All

Only these users can su to testuser

Regards
Sridhara
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Thu Mar 4 20:30:23 2004

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:29 EST