how to create a user, which can't be su'd to ?
Andreas Israel
israel.pad at sni.de
Thu Jan 17 00:22:41 AEST 1991
In <1460 at nixsin.UUCP> koerberm at nixsin.UUCP (Mathias Koerber) writes:
>I have a (small) system, which I want all my staff to be able to shutdown in
>the evening, without having to give them full root access. So i created a user
>"shut", whose .profile calls /etc/shutdown with all the necessary parameters.
You can interrupt the execution of the .profile after login!!!
>I want to protect this account against being accessed via su, so that it is not
>used accidentally. How can I do this?
You can write a little C program that will do all checking and finally call
/etc/shutdown.
Specify this program as login shell for this user in /etc/passwd.
Another way is to give SETUID root permission to such a program.
More information about the Comp.unix.questions
mailing list