Anyone know how to block a user from TTY login, thus forcing them to use their personal login, BUT then allowing them to su - to the blocked account?
Changing shell to /sbin/nologin/ also blocks su - access.
Do I need to use PAM to do this? Ugh.
Thanks
AJ
Jump to Postpasswd -l username
passwd -u username to unlock againman passwd for more details.
passwd -l username
passwd -u username to unlock again
man passwd for more details.
Hi,
That will lock the initial login, and also prevent su - <user> from working as well.
To enable su - <user> I had to give the users sudo access,
and prevent su to root:
ALL ALL=(ALL) NOPASSWD: /bin/su - <user> , ! /bin/su *root*
Andrew
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.