Reject users and do su -
Carme Torca
Super Advisor

Is it possible to reject users that connect directly to a system? The idea is that people connect to a server using their own users (e.g. user1), and then these users could do su - user-application to work with the applications (web, db, etc.).
Is it possible?

Thanks a lot,
Users are not too bad ;-)
Turgay Cavdar
Honored Contributor

Re: Reject users and do su -

If the users are using ssh to connect to the system, you can use the "DenyUsers user_name" directive.
1) Edit /etc/opt/ssh/sshd_config:
DenyUsers user_name
2) Stop/start the sshd daemon

user_name can't log on to the system using ssh, but other users can use "su - user_name".
James R. Ferguson
Acclaimed Contributor

Re: Reject users and do su -

Hi Carmen:

In the '${HOME}/.profile' of the application owner you could detect that an 'su - appowner' was done by comparing the '$(logname)' to the user name snipped from the 'id':

# logname gives the original login name; id gives the current user
if [ "$(logname)" = "$(id | cut -f2 -d "(" | cut -f1 -d ")")" ]; then
    echo "su was not done"
else
    echo "su from '$(logname)' occurred"
fi
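
The logname/id comparison from the reply above, turned into a guard that an application account's .profile can call to end direct logins and log each su, as an added example that is not part of the original thread. The APP_ALLOWED_FROM allow-list, the function names and the sample user names are assumptions.

```sh
# Added example: su-only guard for an application account's ~/.profile.
# APP_ALLOWED_FROM is a hypothetical allow-list of personal accounts.
APP_ALLOWED_FROM="${APP_ALLOWED_FROM:-user1 user2}"

# classify_session LOGIN_NAME CURRENT_USER
# Prints one of: direct | su:<login> | denied:<login> | unknown
classify_session() {
    login_name=$1
    current_user=$2
    if [ -z "$login_name" ]; then
        # logname printed nothing: no login record for this session
        echo "unknown"
        return 0
    fi
    if [ "$login_name" = "$current_user" ]; then
        # Session was opened as the application account itself
        echo "direct"
        return 0
    fi
    for allowed in $APP_ALLOWED_FROM; do
        if [ "$login_name" = "$allowed" ]; then
            echo "su:$login_name"
            return 0
        fi
    done
    # su was done, but from an account that is not on the allow-list
    echo "denied:$login_name"
}

# guard_session: returns 0 for an allowed su, 1 for everything else,
# and records the decision in syslog either way.
guard_session() {
    current_user=$(id -un)   # same name the id|cut pipeline extracts
    verdict=$(classify_session "$(logname 2>/dev/null)" "$current_user")
    case $verdict in
        su:*)
            logger -p auth.info "su to $current_user from ${verdict#su:}"
            return 0 ;;
        *)
            logger -p auth.warning "rejected session for $current_user: $verdict"
            return 1 ;;
    esac
}

# In the application owner's .profile:
#   guard_session || exit 1
```

.profile is read only by login shells, so this guard complements the sshd DenyUsers entry rather than replacing it.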