List: focus-sun
Subject: Re: Prevent remote User login
From: Blair Barrett <bbarrett () nyis ! net>
Date: 2003-10-17 11:50:19
Noel,
We create the role account and then lock it. We allow access
through Sudo:
http://www.courtesan.com/sudo/
It's relatively straightforward, and you can restrict the ability to
switch user based on groups. We also by default change the permissions
on both instances of su (/usr/bin/su and /sbin/su) so that only root
can execute it.
We've been doing this for years - it works on most flavors of Unix
including Solaris.
The user simply switches user to the locked account by typing
/usr/local/bin/sudo su - [account] (or simply sudo su - ... if
/usr/local/bin is in the user's PATH statement).
They will be prompted for their own password, and once successfully
authenticated will be switched to the account.
Blair
> Noel del Rosario wrote:
>> Glenn,
>> Is there something that could prevent a user to do a remote
>> login
>> to another valid user_id account (say 'oracle' or '9ias' ) but
>> allows them to do 'su - oracle' or 'su - 9ias' after they
>> successfully login remotely using their own user_id account (
>> say 'rosario' or 'watanabe' ). cheers,
>> noel
>
>
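
Added example, not part of the original message or of sudo itself: shell checks for the three pieces of the setup described above (role account locked, su executable by root only, sudo rule limited to a named account). The `%dba` group, the shadow line, the mode strings and the sudoers rule are constructed samples; `oracle` is the account name from the thread.

```sh
#!/bin/sh
# Added example: audit checks for the locked-role-account + sudo setup.
# All sample data is constructed; 'oracle' is from the thread, '%dba' is assumed.

# True if a shadow(4) line has a locked password field:
# Solaris `passwd -l` stores *LK*, many Linux tools prefix the hash with '!'.
is_locked() {
    case $(printf '%s\n' "$1" | cut -d: -f2) in
        '*LK*'*|'!'*) return 0 ;;
    esac
    return 1
}

# True if su is owned by root ($2) and its `ls -l` mode ($1) has no
# execute bit for group or other, so only root can run it directly.
su_root_only() {
    [ "$2" = root ] || return 1
    case $1 in
        ???[xs]??-??-*) return 0 ;;
    esac
    return 1
}

# True if a sudoers rule grants ALL, bare su, or su with a wildcard
# argument; each of those would also allow `sudo su - root`.
su_rule_too_broad() {
    rest=${1#*=}                      # command list after "hosts ="
    old_ifs=$IFS; IFS=,; set -f
    set -- $rest                      # split on commas, no globbing
    set +f; IFS=$old_ifs
    for cmd in "$@"; do
        cmd=$(printf '%s\n' "$cmd" | sed 's/^ *([^)]*) *//; s/^ *//; s/ *$//')
        case $cmd in
            ALL|*/su|*/su\ *\**) return 0 ;;
        esac
    done
    return 1
}

# Constructed samples: a locked role account, root-only su, a scoped rule.
shadow_line='oracle:*LK*:12345::::::'
rule='%dba ALL = (root) /usr/bin/su - oracle, (root) /sbin/su - oracle'

is_locked "$shadow_line"        && echo "oracle: password locked"
su_root_only '-rws------' root  && echo "su: executable by root only"
su_rule_too_broad "$rule"       || echo "sudoers: su limited to named account"
```

On a live host the inputs would come from the role account's shadow entry, `ls -l` on /usr/bin/su and /sbin/su, and the sudoers file.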