System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

Account setup for 'su' only

Sally Devine
Frequent Advisor

Account setup for 'su' only

Hi,
Is there a way to setup an account that cannot be logged into directly...only su'd? We have some generic accounts and we don't want users logging directly into them, we want them to login to their own accounts and then 'su' to the generic.

Thanks,
3 REPLIES
Ann Majeske
Honored Contributor

Re: Account setup for 'su' only

Hi again Sally!

One of the common ways of doing this is to set the shell for the account to something that is invalid.

Ann
Sally Devine
Frequent Advisor

Re: Account setup for 'su' only

The problem with that is that a valid shell is required in order to run crons, etc. I did manage to solve the problem with a script that checks from a list which users are allowed to access the account and if they are not on the list the .profile will exit and therefore not allow a login.
Mobeen_1
Esteemed Contributor

Re: Account setup for 'su' only

Sally,
This is a very common question which comes up in this forum, i would encourage that you take a look at the following thread and it lists more than one way of doing this

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=84059

rgds
Mobeen