Can an Account be Locked out for ssh but allow su?
Martin McCormick
martin at dc.cis.okstate.edu
Wed Oct 8 19:42:58 UTC 2008
Is there a way to configure an account such that one can
su - this-account from another login on the system, but not ssh
directly in to it from the outside, similar to the way root
works if you set the terminal type in /etc/ttys to insecure?
The idea is to make a common place for group projects
but know who logged in and su'd in to this common space.
We don't care if they logged in as themselves via ssh
but we do care if they log in as this common user because we
then don't know who accidentally deleted all the files or
whatever accident one can imagine.
Martin McCormick WB5AGZ Stillwater, OK
Systems Engineer
OSU Information Technology Department Telecommunications Services Group
More information about the freebsd-questions
mailing list