SUMMARY: Account entrance by su only

From: Carlos Alonso (ladm@cascarela.tel.uva.es)
Date: Thu Apr 13 2000 - 04:15:38 CDT


My original question was:

>I have a Sun Ultra 1 running Solaris 2.6. I want to create an account
>with these conditions:
>
> - You cannot telnet or ftp to the account.
> - The only way to get in is to su to the account and type the password.
> That way the user gets logged in /var/adm/sulog.
> - You do not need to be root to su to the account. A normal user who
> knows the password is able to su to the account.
>
> I want an account similar to the root account (with CONSOLE set so no
>remote login is allowed) but without special privileges, without being
>root. Is this possible?
>

Thanks to the following people for their time:
Neill, Mark
Tim Evans
Arthur Darren Dunham
Mike DeMarco
Adam Levin
Christopher L. Barnard
Duane Gran
Michael Stapleton
Matthew Stier
Bismark Espinoza
jonathan loh

The consensus opinion is that I need the utility SUDO.

For my particular case:

1) Create the account and lock the password. People cannot log in as that
 user.
2) Get sudo and install it. (http://www.courtesan.com/sudo)
3) Set /etc/sudoers to allow the users in question to su to the account.
 Quick configuration:
 User_Alias ALLOWED = juan, luis, javier
 ALLOWED ALL = (account) ALL, (root) /usr/bin/su - account
4) The users can su to the account doing "sudo su - account".
 Usage is logged. They will have to enter their own password, not the
 account password, as authentication.

Thanks to all who answered. It is much appreciated.

        Carlos Alonso.
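
Added example (not part of the original post and not code from the sudo project): a small sh audit for the setup in steps 1-4. It checks that the target account's shadow field is locked and that each member of the User_Alias has a usable password of their own, since that is the one sudo asks for. The shadow entries and hashes are constructed sample data, and pw_state, alias_members and audit are hypothetical helper names.

```shell
#!/bin/sh
# Added example. Every name and hash in the sample data is constructed.

sample_shadow() {
cat <<'EOF'
account:*LK*:11000::::::
juan:aB9kConstructed1:11000::::::
luis:!cD7mConstructed2:11000::::::
javier::11000::::::
EOF
}

sample_sudoers() {
cat <<'EOF'
User_Alias ALLOWED = juan, luis, javier
ALLOWED ALL = (account) ALL, (root) /usr/bin/su - account
EOF
}

# pw_state NAME: read shadow-format lines on stdin and print
# locked | empty | password-set | missing for NAME.
pw_state() {
    awk -F: -v u="$1" '
        $1 == u {
            found = 1
            if ($2 == "")                        print "empty"
            else if ($2 ~ /^[!*]/ || $2 == "NP") print "locked"  # *LK*, !hash, *, NP
            else                                 print "password-set"
            exit
        }
        END { if (!found) print "missing" }'
}

# alias_members ALIAS: read sudoers lines on stdin, print one member per line.
# Handles only a single-line "User_Alias NAME = a, b, c" definition.
alias_members() {
    awk -v a="$1" '$1 == "User_Alias" && $2 == a {
        sub(/^[^=]*=/, ""); gsub(/[ \t]/, ""); n = split($0, m, ",")
        for (i = 1; i <= n; i++) print m[i]
    }'
}

# audit TARGET ALIAS: the target must be locked, and each alias member needs a
# usable password of their own, because sudo asks for it.
audit() {
    echo "$1: $(sample_shadow | pw_state "$1")"
    for u in $(sample_sudoers | alias_members "$2"); do
        echo "$u: $(sample_shadow | pw_state "$u")"
    done
}
```

On a real host, feed pw_state from /etc/shadow (as root) in place of sample_shadow; an "empty" result for any listed user means that user can pass sudo's prompt without a password.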


