Use pam_access.so for that purpose. I just did it recently for the same reason. Go into each pam conf file (like sshd) that you want to protect and add a line like so: account required /lib/security/pam_access.so Then edit or create a access.conf file for it to use.. On Redhat systems it's already there in /etc/security/access.conf with commentary in the file. Add a line in access.conf that reads like: -:oracle root:ALL One thing to watch out for, is if the name of the user is the same as a group name, then you need to further clarify it something like -:psoft@xxxxxxxxx root:ALL Otherwise it'll block all users that belong to that group. -Crispin -----Original Message----- From: George Miles [mailto:George_Miles@xxxxxxxxxxx] Sent: Thursday, July 10, 2003 9:17 AM To: pam-list@xxxxxxxxxx Subject: Restrict Login to su Yes another newbie - but I do need help - I need to have a user login restricted access to su. User "jonb" logs in and then su's to the restricted user "drafter". But user "drafter" can not login directly from any source. Thanks _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list _______________________________________________ Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
