SUMMARY: really sudo?

From: Jacques Rall (jacques.rall@za.eds.com)
Date: Sat Jan 04 1997 - 10:31:56 CST


Original question:

Dear SMs,

Is the package 'sudo' really needed to only allow an 'su' to an
account?

What about adding the following lines at the top of the .profile?

$ cat .profile
trap "echo Sorry" 2 3
usr1=`who -m|/usr/bin/awk '{print $1}'`
usr2=`/usr/ucb/whoami|/usr/bin/awk '{print $1}'`
echo $usr1 $usr2
if [ "$usr1" = "$usr2" ]
then
        exit
fi

.. and of course change the ownership to root of the .profile.

This way the user cannot login directly and has to do an 'su' to the
user account.

Thanks

Answer:

        Right idea wrong file. Add the following lines to the top of
/etc/profile if you only want users to 'su' to the 'joeblock' account
and deny any direct login via telnet:

trap "" 2 3
usr1=`who -m|/usr/bin/awk '{print $1}'`
usr2=`/usr/ucb/whoami|/usr/bin/awk '{print $1}'`
if [ "$usr2" = "joeblock" ]
then
        if [ "$usr1" = "$usr2" ]
        then
                exit
        fi
fi

Thanks to all who replied.



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:11:42 CDT