Original question:
Dear SMs,
Is the package 'sudo' really needed to only allow an 'su' to an 
account?
What about adding the following lines at the top of the .profile?
$ cat .profile
trap "echo Sorry" 2 3
usr1=`who -m|/usr/bin/awk '{print $1}'`
usr2=`/usr/ucb/whoami|/usr/bin/awk '{print $1}'`
echo $usr1 $usr2
if [ "$usr1" = "$usr2" ]
then
        exit
fi
.. and of course change the ownership to root of the .profile.
This way the user cannot login directly and has to do an 'su' to the 
user account.
Thanks
Answer:
        Right idea wrong file.  Add the following lines to the top of 
/etc/profile if you only want users to 'su' to the 'joeblock' account 
and deny any direct login via telnet:
trap ""  2 3
usr1=`who -m|/usr/bin/awk '{print $1}'`
usr2=`/usr/ucb/whoami|/usr/bin/awk '{print $1}'`
if [ "$usr2" = "joeblock" ]
then
        if [ "$usr1" = "$usr2" ]
        then
                exit
        fi
fi
Thanks to all who replied.
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:11:42 CDT