Disabling remote logins on specific accounts

Status
Not open for further replies.

scotbuff

MIS
Apr 19, 2002
US
I am new to Linux and I have been requested to disable the ability to log in from the login prompt for some system IDs. For instance, we want it so that IDs associated with software, such as DB2 instance IDs, can only be SU-ed to. I am running SUSE Linux.

I previously made this change on our AIX servers, but Linux appears to be a somewhat different animal. I found an /etc/security/access.conf file that seemed to be what I was looking for. But the ID I tested in this file was still able to log in. Thanks in advance.
 
Does your system have PAM on it? If so, look in /etc/PAM (I think is the directory...I'm at work and don't have access to my Linux box). PAM is the Password Authentication Module and will probably be where you do this.
An infinite number of monkeys typing at an infinite number of keyboards will eventually populate the internet.
 
Yes, /etc/pam.d exists. I will carefully research this and see if I can find an option to do what I would like. Thanks for the info.
 
Others may find this useful, as I had a tough time figuring this out. The /etc/security/access.conf file was the correct file for me to be using to disable system accounts from logging in other than utilizing the "su" method from a valid ID. We do this at our location on the AIX platform so that we can tell exactly who is using specific system accounts, via the su log.

Anyway, if you want to use the /etc/security/access.conf file, you will need to place the following line in your /etc/pam.d/login file.

account required /lib/security/pam_access.so

Once I did this, the only way to use the system account is to "su" to the account from a valid user account.
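
Added example, not part of the original thread: a simplified Python model of why the access.conf entry had no effect until pam_access.so was added to the account stack of /etc/pam.d/login, and why su is unaffected. The account name db2inst1, the sample file contents and the function names are constructed for illustration; groups, netgroups, EXCEPT and PAM include lines are not handled.

```python
import posixpath

def enforces_access_conf(pam_service_text):
    """True if this PAM service file loads pam_access.so in its account stack."""
    for raw in pam_service_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 3 or fields[0].lstrip("-") != "account":
            continue
        # The module path follows the control field, which may span several tokens.
        if any(posixpath.basename(f) == "pam_access.so" for f in fields[2:]):
            return True
    return False

def _match(field, value):
    tokens = field.split()
    return "ALL" in tokens or value in tokens

def access_conf_allows(access_text, user, origin):
    """First matching 'permission:users:origins' rule wins; no match means allow."""
    for raw in access_text.splitlines():
        parts = [p.strip() for p in raw.split("#", 1)[0].split(":", 2)]
        if len(parts) != 3 or parts[0] not in ("+", "-"):
            continue
        perm, users, origins = parts
        if _match(users, user) and _match(origins, origin):
            return perm == "+"
    return True

def can_use_service(pam_service_text, access_text, user, origin):
    """access.conf is only consulted by services whose PAM file loads pam_access.so."""
    if not enforces_access_conf(pam_service_text):
        return True  # rules exist on disk but nothing reads them for this service
    return access_conf_allows(access_text, user, origin)

# Constructed sample files (assumed contents, not taken from a real system).
LOGIN_BEFORE = "auth required /lib/security/pam_unix.so\n" \
               "account required /lib/security/pam_unix.so\n"
LOGIN_AFTER = LOGIN_BEFORE + "account required /lib/security/pam_access.so\n"
SU_SERVICE = LOGIN_BEFORE  # assumption: /etc/pam.d/su does not load pam_access.so
ACCESS_CONF = "# deny the DB2 instance ID (hypothetical name) from every origin\n" \
              "-:db2inst1:ALL\n"

if __name__ == "__main__":
    for name, pam in (("login before", LOGIN_BEFORE), ("login after", LOGIN_AFTER),
                      ("su", SU_SERVICE)):
        print(name, can_use_service(pam, ACCESS_CONF, "db2inst1", "tty1"))
```
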

 
To disable login to shell accounts I've always set the shell account to "/bin/false". Would this not work in your case?
 