To use PAM for this, you could add/modify a line as such in /etc/pam.d/su
account required /lib/security/pam_access.so
Then in /etc/securiry/access.conf you could have something like this for
example
-:david:ALL
With this example, all su attempts from user david will be denied
regardless of location. You can get more specific if you like. Check the man
pages for more info.
-----Original Message-----
From: pam-list-admin@redhat.com [mailto:pam-list-admin@redhat.com]On
Behalf Of Joachim Blaabjerg
Sent: Thursday, October 25, 2001 5:48 AM
To: Florin.Florian@net.utcluj.ro
Cc: pam-list@redhat.com
Subject: Re: restricted
Florian Florin <Florin.Florian@net.utcluj.ro> wrote:
> How can I restrict for some of the users to take "su -" in the telnet
> console?
This isn't really a "PAM answer", but some versions of su supports the
/etc/suauth file. `man suauth` for more info.
Regards
--
Joachim Blaabjerg
styx@mailbox.as
www.SuxOS.org
_______________________________________________
Pam-list@redhat.com
https://listman.redhat.com/mailman/listinfo/pam-list
