[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

RE: Restrict Login to su

Use pam_access.so for that purpose. I just did it recently for the same reason.

Go into each pam conf file (like sshd) that you want to protect and add a line like so:

account	required	/lib/security/pam_access.so

Then edit or create a access.conf file for it to use.. On Redhat systems it's already there in /etc/security/access.conf with commentary in the file.

Add a line in access.conf that reads like:

-:oracle root:ALL

One thing to watch out for, is if the name of the user is the same as a group name, then you need to further clarify it something like

-:psoft localhost root:ALL

Otherwise it'll block all users that belong to that group.


 -----Original Message-----
From: 	George Miles [mailto:George_Miles labcorp com] 
Sent:	Thursday, July 10, 2003 9:17 AM
To:	pam-list redhat com
Subject:	Restrict Login to su

Yes another newbie - but I do need help - I need to have a user login restricted access to su.  User "jonb" logs in and then su's to the restricted user "drafter". But user "drafter" can not login directly from any source.


Pam-list mailing list
Pam-list redhat com

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]