enabling/disabling unix accounts without su

[MrBlobby]

I am trying to provide a method for a user 'a' to enable/disable access to a remote Sun box for user 'b'. One way I thought of doing this was to create a dummy shell that the account for user 'b' would be created against, and symbolically link this to a real shell (i.e. /usr/bin/bash) when access is granted and move the symbolic link to a different shell (one where su access is required to use it) when access is denied. This method (if I can get it to work) will ensure non root access for both users 'a' and 'b'.

So far I haven't managed to do it.

Anyone have any suggestions please!

Thanks

 

[Annihilannic]

If you change the ownership of the shell binaries to user 'a' and set the permissions such that no-one else can modify them, and place them in a directory owned by user 'a', then that user should have full control over them.

You may need to add them to /etc/shells. Annihilannic.

 

[MrBlobby]

Thanks Annihilannic.

I have sorted it now.
I created a symbolic link in /export/home/a i.e.

ln -s /usr/bin/bash /export/home/a/dummy_shell

then created an account against the shell i.e.

useradd -c 'b' -m -d /export/home/b -u 100 -s /export/home/a/dummy_shell b

It works well. All the user 'a' needs to do is remove/create the symbolic link to /usr/bin/bash for user 'b' to gain access

The power of UNIX never fails to amaze me!!

Thanks for your suggestions

Regards