how to create a user, which can't be su'd to ?
pri=2 Dan Stromberg
dstrombe at ucqais.uc.edu
Tue Jan 22 02:17:33 AEST 1991
In article <1460 at nixsin.UUCP>, koerberm at nixsin.UUCP (Mathias Koerber) writes:
> Howdy,
>
> I have a (small) system, which I want all my staff to be able to shutdown in
> the evening, without having to give them full root access. So i created a user
> "shut", whose .profile calls /etc/shutdown with all the necessary parameters.
>
> I want to protect this account against being accessed via su, so that it is not
> used accidentally. How can I do this?
>
> I already check the number of logged-in users to be one (=shut), so that it
> only can be used once everybody is out. But a su would not increase that number.
>
> Any help appreciated
>
> Mathias
> --
> Mathias Koerber | S iemens | EUnet: koerber.sin at nixdorf.de
> 2 Kallang Sector | N ixdorf | USA: koerber.sin at nixdorf.com
> S'pore 1344 | I nformation Systems | Tel: +65/7402852 | Fax: +65/7402834
> * Packed with Power, SNIckers really satisfy (or do they? Ask them gals :-) )*
Disclaimer: I haven't tried this. The only thing I have root access on
these days is Minix. :-(
One alternative: write a C program that returns a status indicating if the
current user's *effective* user id is equal to the current user's *actual*
user id. You could then use that status in an if, determining if you
actually want to shut down or not.
Or... I suppose a more (re)useful way of doing it, would be to write an
"ewho" program, that printf's the effective user id (eg "root", not the
numbers), and use a string comparison against its output, and the first
field of `who am i`.
Heh. Of course, I just tried
$ who am i
on this machine, and it didn't output a thing... so maybe the first
suggestion work better. :-)
- Dan
More information about the Comp.unix.questions
mailing list