
Re: [ot] how to create a user that can't log in?



Nathan,

Yes, it's possible, but it might not be wise ;)

One way to set it up so that the account doesn't have a password but can
be accessed is to disable its password, but create an ssh public/private key
pair and give the users who should have access to it the key so they can
use key-based authentication.  The users log on as themselves, then "ssh
project@localhost".

Now, as the other post says, it's probably better to use sudo, as this
will provide more accountability and leave records of who did exactly
what. Each command is logged, time stamped and the user who did it
noted.

Now there was a discussion on the list a few months back about Sudo
being rather insecure in that if you give them access to anything vi
via Sudo there is a good chance that they could leverage that into access to
everything, but I think that was in the context of using sudo with root.
You might want to search the archive and read that discussion before
investing time and effort into sudo.

Good luck,

David.

Nathan E Norman wrote:
> 
> Hi,
> 
> I'm setting up a project for some friends.  I want each of them to
> have their own account, but I want the project to be hosted (and run
> under) a separate account.  Each user should be able to su to the
> project account to restart daemons.  No user should be able to log in
> as the project user.
> 
> How do I set this up?  Is it possible?
> 
> Thanks,
> 
> --
> Nathan Norman - Staff Engineer | A good plan today is better
> Micromuse Ltd.                 | than a perfect plan tomorrow.
> mailto:nnorman@micromuse.com   |   -- Patton
> 

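A check for the setup described in the reply above, as an added example that is not part of the original thread: it classifies the password field of a shadow(5)-format entry and reports whether key-based login is still possible through `authorized_keys`, since a disabled password alone does not stop ssh key authentication. The function names, the sample entry and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Audit helpers for a shared "project" account (added example).
# Inputs are passed in explicitly so the functions can be run on copies
# of shadow entries without needing root.

# password_state SHADOW_LINE -> prints: locked | empty | set
# Field 2 of a shadow(5) entry: a leading '!' or '*' means no password
# can match; an empty field means no password is required at all.
password_state() {
    hash=$(printf '%s\n' "$1" | cut -d: -f2)
    case "$hash" in
        '')        echo empty ;;
        '!'*|'*'*) echo locked ;;
        *)         echo "set" ;;
    esac
}

# key_login_possible HOME_DIR -> exit 0 if authorized_keys holds at least
# one line that is neither blank nor a comment.
key_login_possible() {
    f="$1/.ssh/authorized_keys"
    [ -f "$f" ] && grep -Eqv '^[[:space:]]*(#|$)' "$f"
}

# audit_account NAME SHADOW_LINE HOME_DIR -> one summary line
audit_account() {
    state=$(password_state "$2")
    if key_login_possible "$3"; then keys=yes; else keys=no; fi
    echo "$1 password=$state ssh_keys=$keys"
}

# Constructed sample data, not taken from a real system.
demo_home=$(mktemp -d)
mkdir -p "$demo_home/.ssh"
echo 'ssh-ed25519 AAAAconstructedExampleKey alice@example' \
    > "$demo_home/.ssh/authorized_keys"
audit_account project 'project:!:19000:0:99999:7:::' "$demo_home"
rm -rf "$demo_home"
```

A result of `password=locked ssh_keys=yes` is the key-based arrangement from the reply: nobody can log in as the project user with a password, but anyone holding the private key can.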

