how to prohibit user 's operation

Ian jonhson jonhson.ian at
Tue Sep 4 13:35:03 UTC 2007

> If I understand your question correctly, you are trying to prohibit access
> to the john user via su.  If this is the case, and you want to prevent all
> users from being able to su to john, then you can use a pam_listfile
> restriction in /etc/pam.d/su which controls access to who can be su'd to
> and not who can su to another user.


I have take a glimpse at codes in the pam_listfile. It seems that all
the hooks will finally call the pam_sm_authenticate to deny somebody.
Can I embed my codes in some other hooks except pam_sm_authenticate to
deny specific users ?

More information about the Pam-list mailing list