Login Restrictions

Pete Nesbitt pete at linux1.ca
Wed Jun 2 00:39:00 UTC 2004


On June 1, 2004 11:28 am, Ted Beaton wrote:
> I have an application running on a Redhat 9 machine that requires being run
> by a certain user.  I also have security requirements that necessitate
> logging the actions of all users logged into the system so I can't have two
> different people log in with the same user name.  Then I won't know who is
> doing what on the system.  What I would like to do is have a separate user
> account for each person and then require them to su to the common user
> account that needs to run the application.  Then I can track the individual
> logins and know who su'd to the common account and when they did it.  Does
> anyone know how to disable logins to the common user account while still
> allowing the account to be functional for when people need to su to it?
>
> Thanks in advance,
>
> Ted


Have a look at sudo (man sudo). There are some security issues with sudo, but 
the nice thing is each user only knows their own password and they can only 
execute specifically listed commands which can be very granular. (the security 
aspect is with things like less, more, vi that allow the user to shell out. 
vi can be replaced with rvim, but I don't know about a replacement for less 
or more)

As far as restricting access to an account (usermod -l), you can try locking 
the account, but I'm not sure how sudo will react.
-- 
Pete Nesbitt, rhce
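
A sudoers sketch of the setup discussed in this thread, added here as an illustration and not taken from either poster. The account name `appuser`, the group `appops`, the paths under `/opt/app` and the use of a sudo version that supports `NOEXEC` and `/etc/sudoers.d` are all assumptions.

```sudoers
# Constructed example. Assumed names: shared account "appuser", Unix group
# "appops" for the people allowed to use it, application under /opt/app.
# Install with: visudo -f /etc/sudoers.d/appuser

# Weak form (left commented out): members can run anything as appuser,
# including an interactive shell, so the log records only the shell start
# and none of the commands typed inside it.
# %appops ALL = (appuser) ALL

# Hardened form: only the listed commands, each invocation logged via syslog
# with the invoking user's own name and the full command line.
Cmnd_Alias APP_RUN  = /opt/app/bin/app, /opt/app/bin/appctl status

# Fixed file argument instead of a wildcard: in sudoers a "*" in command
# arguments also matches "/" and spaces, so /var/log/app/* would admit
# paths outside that directory.
Cmnd_Alias APP_VIEW = /usr/bin/less /var/log/app/app.log

# NOEXEC keeps a dynamically linked pager from spawning a shell ("!sh"),
# which is the shell-out concern raised above for less, more and vi.
%appops ALL = (appuser) APP_RUN, NOEXEC: APP_VIEW

# Direct logins to the shared account are closed separately:
#   usermod -L appuser        (locks the password)
# sudo authenticates the invoking user with their own password, so a locked
# password on the target account does not stop "sudo -u appuser ...".
# A password lock does not block SSH key logins; add "DenyUsers appuser"
# to sshd_config if the account has or could gain an authorized_keys file.
```

A member of `appops` would then start the application with `sudo -u appuser /opt/app/bin/app`, entering their own password.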




