[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: deny su to a specific user



nod, i figured it would be something like that, but i cant find the
parameter :-/

mind posting it when you can check it ?

thnx

On Thu, 2002-12-19 at 03:18, Nelson Sampaio Araujo Junior wrote:
> You can specify this on the "su" pam rules in /etc/pam.d/su. There is a
> parameter for "not allowed" groups/users. (sorry for not telling the
> parameter, but I'm without my unix access right now to check for you).
> 
> - Nelson
> 
> -----Original Message-----
> From: pam-list-admin@redhat.com [mailto:pam-list-admin@redhat.com] On Behalf
> Of cnf
> Sent: Wednesday, December 18, 2002 5:49 PM
> To: pam-list@redhat.com
> 
> i have 1 specific user (uid 400 *grin*) that i want to deny ALL login
> attempts to.
> 
> so only direct console login would be allowed.
> 
> i got it all working, the only thing i cant seem to get done is the su
> part.
> 
> how do i tell pam, that ANY su attempt to the uid 400 is to be forbidden
> ?
> 
> no matter is the su-ing user is in group wheel, or root himself, su to
> uid 400 needs to be denied.
> 
> ideally i would want that user only to be able to log in on ttyS0, but
> for now i'll settle on solving the su prob :-)
> 
> any suggestions ?
> 
> 
> cnf
> -- 
> Please avoid sending me Word or PowerPoint attachments.
> See http://www.fsf.org/philosophy/no-word-attachments.html
> 
> 
> 
> _______________________________________________
> Pam-list mailing list
> Pam-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/pam-list
> 
> 
> 
> _______________________________________________
> Pam-list mailing list
> Pam-list@redhat.com
> https://listman.redhat.com/mailman/listinfo/pam-list
-- 
Please avoid sending me Word or PowerPoint attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html





[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index] []