FW: Generic logins

From: jrjame - John James <jrjame_at_acxiom.com>
Date: Thu, 22 Jun 2000 15:54:33 -0500

Just a quick thanks to Frank for his piece of scripting that helped me with my
login problem. The only thing that I added was a trap "" 2 3 at the top so
that my developers could Ctrl-C out of the .profile. Thanks to everyone
that submitted suggestions. There were a couple that I will probably use
with other issues I am having.

John R. James Jr.
Unix Systems Engineer
Applied Infrastructure Technology
Acxiom, Corp.
501-342-3061
jrjame_at_acxiom.com


-----Original Message-----
From: Frank Wortner [mailto:frank_at_bondnet.com]
Sent: Wednesday, June 21, 2000 4:33 PM
To: jrjame - John James
Subject: Re: Generic logins


On Wed, 21 Jun 2000, you wrote:
> What I would like to do
> is create a login that can only be su'd to. Meaning a user must login as
> themselves and then "su" into the generic account.

Here's my solution. Add this to the beginning of the generic account's
.profile:

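# Name on the login record (utmp) for this terminal
WHO_AM_I=`who am i | awk '{ print $1 }'`
# Name of the current effective user
WHOAMI=`whoami`
# Quoted so the test stays valid if either value is empty
if [ "$WHOAMI" = "$WHO_AM_I" ]
then
        echo 'Direct logins to this account are not allowed.'
        echo 'Please login using your own account and use "su - admin".'
        exit 1
fi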

This little snippet of code checks to see if the real user ID of the invoker
is the same as the login record in utmp. That is true if you login to the
account, but not true if you su to it.

If your generic account uses csh, you will have to make some syntax changes,
and use .login instead of .profile, but the method is the same.

Hope this helps.
--
Frank
Frank Wortner
BondNet Division,  The Bank of New York
frank_at_bondnet.com
Received on Thu Jun 22 2000 - 20:55:03 NZST
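
Added example, not part of either message above: the same utmp-versus-effective-user comparison written as a function that also handles an empty "who am i" result and keeps INT and QUIT ignored (the trap "" 2 3 mentioned in the reply) until the check has passed. The function names, the use of id -un, and the choice to refuse the session when the login record cannot be read are assumptions of this example.

```shell
# Added example: su-only check for a generic account's .profile.
# classify_login and enforce_su_only are hypothetical names.

# classify_login UTMP_USER EFFECTIVE_USER
# Prints "direct" when both names match, "su" when they differ,
# and "unknown" when either name is missing.
classify_login() {
    utmp_user=$1
    eff_user=$2
    if [ -z "$utmp_user" ] || [ -z "$eff_user" ]; then
        echo unknown
    elif [ "$utmp_user" = "$eff_user" ]; then
        echo direct
    else
        echo su
    fi
}

# Returns 0 only for a session that arrived through su.
enforce_su_only() {
    # Ignore INT (2) and QUIT (3) so the check cannot be interrupted.
    trap '' 2 3
    utmp_user=`who am i 2>/dev/null | awk '{ print $1 }'`
    eff_user=`id -un 2>/dev/null`
    verdict=`classify_login "$utmp_user" "$eff_user"`
    case $verdict in
        su)
            # Check passed: restore default signal handling.
            trap - 2 3
            return 0 ;;
        direct)
            echo 'Direct logins to this account are not allowed.' >&2
            echo 'Please login using your own account and use "su - admin".' >&2
            return 1 ;;
        *)
            # Assumption: with no readable login record, refuse the session.
            echo 'Cannot determine how this session was started.' >&2
            return 1 ;;
    esac
}

# At the top of the generic account's .profile:
#   enforce_su_only || exit 1
```

Signals stay ignored on the failure paths so the caller's exit 1 cannot be interrupted either.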
