How to disable a non-root userid from logging in--xcept via su. 1

[markw7777]

Was curious if anybody would know how to disable a non-root userid from logging in. The exception would be that this userid could be logged into via the su command.

 

[bi]

On AIX, you can specify non-root user IDs cannot login remotely. On other OS, I have added the following to /etc/profile (the file that is run before the user's .profile). I only use it for our oracle login. I suppose you could add some scripting that looks at a list of logins you don't want to login remotely. I got this from somewhere on tek-tips.

I hope this copies OK:

#===============================================
# Deny application accounts direct login
#===============================================
if [ "`/usr/bin/tty`" != "/dev/console" ]; then
if [ "$LOGNAME" = "oracle" ]; then
#
# Attempt to set /dev/pts# permissions
#
/usr/bin/mesg -n 1>/dev/null 2>&1

#
# Result codes: 0 - receivable, 1 - not receivable, 2 - Error
#
if [ $? -eq 1 ]; then
echo "================================================================= "
echo "Direct login as '$LOGNAME' is NOT AUTHORIZED. Use the su(1M) command."
echo "================================================================= "
kill -9 $$
else
echo " "
echo "su(1M) to '$LOGNAME' is authorized."
echo " "
fi
fi
fi

 

[markw7777]

Thank You Bi,

Appreciate the feedback.