cancel
Showing results for 
Search instead for 
Did you mean: 

Reject users and do su -

SOLVED
Go to solution
Carme Torca
Super Advisor

Reject users and do su -

If its possible to reject users that connect directly in one system? The idea is that people connect to one server using yours users (ex. user1) and then this users could do su - user-application, to work with the applications (web, db, etc.).
Is it possible?

Thanks a lot of,
Carmen.
Users are not too bad ;-)
2 REPLIES
Turgay Cavdar
Honored Contributor
Solution

Re: Reject users and do su -

If the users are using ssh to connect to the system, you can use "DenyUsers user_name" directive.
1-)Edit /etc/opt/ssh/sshd_config:
DenyUsers user_name
2-)Stop/start sshd daemon

User_name cant logon to system by using ssh, but other users can use "su - user_name".
James R. Ferguson
Acclaimed Contributor

Re: Reject users and do su -

Hi Carmen:

In the '${HOME}/.profile' of the application owner you could detect that an 'su - appowner' was done by comparing the '$(logname)' to the user name snipped from the 'id':

if [ $(logname) = $(id|cut -f2 -d "("|cut -f1 -d ")") ]; then
echo "su was not done"
else
echo "su from '$(logname)' occurred"
fi

...

Regards!

...JRF...