how to prohibit user 's operation
Barry Brimer
lists at brimer.org
Tue Sep 4 12:48:52 UTC 2007
> I login a account, for example my_name_1, now I want to change to
> other account, named my_name_2. For example,
>
> $ whoami
> tom <--- legal user
> $ su john <-- illegal operation, should be refused.
>
> In this case, how to refuse the request by PAM ?
<snip>
If I understand your question correctly, you are trying to prohibit access
to the john user via su. If this is the case, and you want to prevent all
users from being able to su to john, then you can use a pam_listfile
restriction in /etc/pam.d/su which controls access to who can be su'd to
and not who can su to another user.
Hope this helps,
Barry
More information about the Pam-list
mailing list