[wplug] Disable a user's remote login capability
Rick Smith
rick at rbsmith.com
Tue Jan 21 13:20:13 EST 2003
On Tue, Jan 21, 2003 at 12:28:41PM -0500, Scott Eicher wrote:
>
> I have a shared user id who I would like to disable from being able to login
> remotely. I would like to force users to login under their own user id and
> su to this user. Is there a way to do this in Linux?
Are these devious individuals?
If so, own the home directory of this common user so people can't fiddle
with .ssh/, .rhosts or other ~/.xxx files/dirs which would allow
circumvention of your desired behaviour. Then have no passwd for this
account, so that people can only get there through .ssh/RSA keys, or
sudo(1) or .rhosts, or other non-password methods (all which would need
you to administer the 'allowed users' list).
That's what's been done for systems I've used with similar scenarios.
The pain is users needing to ask permission to have a new rc file
created in the home (like .vimrc), because users can't create new files,
only modify existing ones. But it's worked. I don't doubt that there's
an easier way.
-- Rick
More information about the wplug
mailing list