  1. #1
    Join Date
    Aug 2008
    Location
    Toronto, Canada
    Posts
    2,367

    Unanswered: Disable local/remote login for a user id on Linux

    Linux RHEL and SUSE


    We have a db2 userid that must have a password and it must be an expiring password. We want to disable local/remote login for this id, but we want to be able to sudo into this id. What we've done is to disable shell for this id:

    /etc/passwd:
    db2inst1:x:1011:1018::/xxx/db2/db2inst1:/bin/false


    To sudo, we use: sudo su -s /bin/bash - db2inst1


    Is there some other way to disable local/remote login for this id (id must have an expiring password)? We want to sudo without using -s option.

  2. #2
    Join Date
    Sep 2009
    Location
    Ontario
    Posts
    1,057
    Provided Answers: 1
    Are you using telnet or ssh?
    If ssh, just add the user id to the Deny list.

  3. #3
    Join Date
    Aug 2008
    Location
    Toronto, Canada
    Posts
    2,367
    I'm using putty and connection type = ssh.

    deny list - is this some file on Linux? If a user is added to this deny list, can I sudo into it from my personal id?

  4. #4
    Join Date
    Sep 2009
    Location
    Ontario
    Posts
    1,057
    Provided Answers: 1
    Edit the file sshd_config, probably in /etc/ssh, and add/update a line at the end:
    Code:
        DenyUsers db2inst1

    Restart sshd.

    This probably requires root access.
    There is also an "AllowUsers" list; use whichever way or combination works for you.

  5. #5
    Join Date
    Aug 2008
    Location
    Toronto, Canada
    Posts
    2,367
    Will check tomorrow. Thanks.
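
An added example, not part of any post above and not OpenSSH's own code: a small shell helper that reports whether a `DenyUsers` entry sits in the global section of an `sshd_config`-style file or inside a `Match` block, which is where a line appended at the end lands when the file ends with such a block. The name `deny_scope`, the user `otheruser` and both sample files are constructed for illustration.

```shell
#!/bin/sh
# deny_scope CONFIG USER  (hypothetical helper, not an OpenSSH tool)
# Prints where USER is named in a DenyUsers line of an sshd_config-style file:
#   global - before any Match block, so it applies to every connection
#   match  - only inside a Match block, so it applies only when that block matches
#   none   - not named at all
# Assumes whitespace-separated "Keyword value ..." lines and literal user names;
# wildcard patterns, USER@HOST entries and Include files are not evaluated.
deny_scope() {
    awk -v user="$2" '
        BEGIN { scope = "none"; in_match = 0 }
        /^[ \t]*#/ || NF == 0 { next }            # comment or blank line
        {
            key = tolower($1)                      # keywords are case-insensitive
            if (key == "match") {
                # "Match all" returns to unconditional scope
                in_match = !(NF == 2 && tolower($2) == "all")
                next
            }
            if (key != "denyusers") next
            for (i = 2; i <= NF; i++) {
                if ($i != user) continue
                if (!in_match) scope = "global"
                else if (scope == "none") scope = "match"
            }
        }
        END { print scope }
    ' "$1"
}

# Constructed sample files (not taken from any real host).
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/global.conf" <<'EOF'
PermitRootLogin no
denyusers otheruser db2inst1
Match Group sftponly
    ForceCommand internal-sftp
EOF
cat > "$SAMPLES/appended.conf" <<'EOF'
PermitRootLogin no
Match Group sftponly
    ForceCommand internal-sftp
DenyUsers db2inst1
EOF

echo "global.conf:   $(deny_scope "$SAMPLES/global.conf" db2inst1)"
echo "appended.conf: $(deny_scope "$SAMPLES/appended.conf" db2inst1)"
```

On the real host, `sshd -t` checks the edited file for syntax errors before sshd is restarted.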
