This can be handled relatively easily with some minor coding and a group creation.
1.) Create a group called GENERIC (or something equivalent).
2.) Make this the primary group of the user that should be be logged in to directly.
3.) Put some code in the system profile (/etc/profile) that
a.) Disables Control C, etc.
b.) Check to see if the if "whoami" and "who am i" match.
c.) If so, check for the GENERIC group, if found, display
a message that this account must be su'ed to
d.) Log that process out
c.) If GENERIC not found, turn control C, etc. back on
and proceed with normal /etc/profile, etc. processing.
Here is some code that will do the above. Note that most /etc/profiles already have the appropriate
trap statements to disable and re-enable control C, etc. processing - so the trap statements are not included here.
Code:
Generic_user ()
{
echo ""
echo ""
echo ""
echo " This is a secured account!"
echo ""
echo ""
echo ""
echo " You need to either su or su - to this account."
echo ""
echo ""
sleep 5
}
username=`whoami | awk '{print $1}'`
rname=`who am i | awk '{print $1}'`
if [ $rname = $username ]
then
groups $username | grep GENERIC > /dev/null && Generic_user && kill -9 $$
fi