Hi Adam,
I don't know if I have understood your question correctly, but you can "lock" an account by putting a
*LK* in the password field of the
fred entry in /etc/shadow. That means you cannot log on as user
fred directly but as another user on the system you still can do
su - fred. Then my proposal is to install the sudo package and configure which users can do
sudo su - fred.
An example of a small /etc/sudoers (the sudo config file) could look like:
# sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for the details on how to write a sudoers file.
#
# Host alias specification
Host_Alias YOUR_HOST=mysunserver
# User alias specification
### UNIX_ADMIN: Adam F
User_Alias UNIX_ADMIN=adamUserID
### FRED_USERS: Ian, Mary, Charles, Mark
User_Alias FRED_USERS=ianUserID,maryUserID,charlesUserID,markUserID
# Cmnd alias specification
# User privilege specification
root ALL=(ALL) ALL
UNIX_ADMIN ALL=(ALL) /bin/ksh, /usr/local/bin/sudo, /usr/bin/su -
FRED_USERS YOUR_HOST=(root) NOPASSWD: /usr/bin/su - fred
Hope that is helpful.
mrjazz
![[pc2] [pc2] [pc2]](/data/assets/smilies/pc2.gif)