Date: Wed, 08 Oct 2008 14:42:57 -0500 From: Martin McCormick <martin@dc.cis.okstate.edu> To: freebsd-questions@freebsd.org Subject: Can an Account be Locked out for ssh but allow su? Message-ID: <200810081942.m98JgvvH006080@dc.cis.okstate.edu>
next in thread | raw e-mail | index | archive | help
Is there a way to configure an account such that one can su - this-account from another login on the system, but not ssh directly in to it from the outside, similar to the way root works if you set the terminal type in /etc/ttys to insecure? The idea is to make a common place for group projects but know who logged in and su'd in to this common space. We don't care if they logged in as themselves via ssh but we do care if they log in as this common user because we then don't know who accidentally deleted all the files or whatever accident one can imagine. Martin McCormick WB5AGZ Stillwater, OK Systems Engineer OSU Information Technology Department Telecommunications Services Group
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200810081942.m98JgvvH006080>