> If I understand your question correctly, you are trying to prohibit access > to the john user via su. If this is the case, and you want to prevent all > users from being able to su to john, then you can use a pam_listfile > restriction in /etc/pam.d/su which controls access to who can be su'd to > and not who can su to another user. > Thanks~ I have take a glimpse at codes in the pam_listfile. It seems that all the hooks will finally call the pam_sm_authenticate to deny somebody. Can I embed my codes in some other hooks except pam_sm_authenticate to deny specific users ? _______________________________________________ Pam-list mailing list Pam-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/pam-list
