Hi,
How about a script? You could call this from /etc/profile, and it will decide if the user can or can't.
HTH
-Michael
#---------------------------------------------------------------------------
#
# This script verifies at login time, if the account is "su only"
# The account to become "su only" must be configured (listed) in the
# config.file SU_CONFIG_FILE - one per line
#
# Script is started from /etc/profile with PID of a original process
#
#---------------------------------------------------------------------------
trap "" 1 2 3
SU_CONFIG_FILE=/usr/local/etc/su_only.cfg
export SU_CONFIG_FILE
current_user=`whoami`
orig_process=$1
orig_process_name=`ps -p $1|awk '{print $4}'|grep -v COMMAND`
# kill login process if su only
exit_login ()
{
echo "\n \"$current_user\" is Privileged Account. Access only via \"su\". n"
kill -9 $PPID
}
# Check if "su account" access enabled
check_login ()
{
if [ $current_user != "root" ]
then
if [ $orig_process_name = "rlogind" -o $orig_process_name = telnetd ]
then
if [ -s $SU_CONFIG_FILE ]
then
if [ `grep -v "^#" $SU_CONFIG_FILE|grep -c "^$current_user"` -gt 0 ]
then
exit_login
fi
fi
fi
fi
}
check_login
trap 1 2 3
Anyone for a Mutiny ?
