
Reject users and do su -

 
SOLVED
Carme Torca
Super Advisor


Is it possible to reject users that connect directly to a system? The idea is that people connect to the server using their own users (e.g. user1) and then these users could do su - user-application to work with the applications (web, db, etc.).
Is it possible?

Thanks a lot,
Carmen.
Users are not too bad ;-)
Turgay Cavdar
Honored Contributor
Solution

Re: Reject users and do su -

If the users are using ssh to connect to the system, you can use the "DenyUsers user_name" directive.
1) Edit /etc/opt/ssh/sshd_config:
DenyUsers user_name
2) Stop/start the sshd daemon

user_name can't log on to the system using ssh, but other users can use "su - user_name".
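
To check the DenyUsers edit described above, this added example (not part of the original replies) lists which application accounts are still not covered by a global DenyUsers line in an sshd_config file. The function name undenied_accounts, the account names and the sample config are constructed for illustration, and it assumes sshd's `*`/`?` patterns behave like shell globs.

```shell
#!/bin/sh
# Added example: print the accounts NOT blocked by a global DenyUsers directive.
# Usage: undenied_accounts SSHD_CONFIG account [account ...]
undenied_accounts() {
    cfg=$1; shift
    # Collect the patterns of every global DenyUsers line. The keyword is
    # case-insensitive. Parsing stops at the first "Match" line, because
    # directives below it apply only conditionally.
    patterns=$(awk '
        /^[ \t]*#/ { next }                      # comment line
        tolower($1) == "match" { exit }
        tolower($1) == "denyusers" { for (i = 2; i <= NF; i++) print $i }
    ' "$cfg")
    for acct in "$@"; do
        denied=no
        set -f                  # do not expand * in patterns against files
        for pat in $patterns; do
            case $pat in
                *@*|!*) continue ;;   # host-restricted or negated: not a blanket deny
            esac
            case $acct in
                $pat) denied=yes; break ;;   # assumption: glob match ~ sshd pattern match
            esac
        done
        set +f
        [ "$denied" = yes ] || echo "$acct"
    done
}

# Constructed sample config (not taken from a real system).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample
Port 22
denyusers oracle web*
DenyUsers backup@10.0.0.5
Match Address 192.0.2.0/24
    DenyUsers appadm
EOF
# oracle and webadm are denied everywhere; backup is denied from one host
# only and appadm only inside a Match block, so both are reported.
undenied_accounts "$sample" oracle webadm backup appadm
rm -f "$sample"
```

Any account this prints can still open an ssh session directly, so it needs its own DenyUsers entry before the daemon is restarted.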
James R. Ferguson
Acclaimed Contributor

Re: Reject users and do su -

Hi Carmen:

In the '${HOME}/.profile' of the application owner you could detect that an 'su - appowner' was done by comparing the '$(logname)' to the user name snipped from the 'id':

# Compare the original login name with the current user name taken from 'id'
if [ "$(logname)" = "$(id | cut -f2 -d "(" | cut -f1 -d ")")" ]; then
    echo "su was not done"
else
    echo "su from '$(logname)' occurred"
fi

...

Regards!

...JRF...