Answer by snic.io for How to prevent a user from login in, but allow "su -...
edit /etc/shadow by adding ! to the beginning of the password hash. username:!<hash>:#####:#:#####:#::: When securing a new install this is the first thing I do after installing sudo, so nobody...
View ArticleAnswer by artfulrobot for How to prevent a user from login in, but allow "su...
Assuming you only want to su user from root's account, and disable all other access: Use this (run as root): usermod -e 1 -L user This disables password login (as many other answers have advised), but...
View ArticleAnswer by abz for How to prevent a user from login in, but allow "su - user"...
In addition to what's been mentioned above (disable and/or not setting the user password), pam_access module (look up man page on pam_access and access.conf) can be used to control login access.
View ArticleAnswer by Loke for How to prevent a user from login in, but allow "su - user"...
If you still want su to work, you can use sudo -u [username] or pass -s /bin/bash to su as a temporary shell. They both do the same in absence of a shell in /etc/passwd.
View ArticleAnswer by Brian Postow for How to prevent a user from login in, but allow "su...
As I mentioned in a comment, I think that you can still su into an account with an invalid shell. So if you set the user's shell to /dev/null or whatever the shell of bin is, you should be able to...
View ArticleAnswer by BillThor for How to prevent a user from login in, but allow "su -...
Knowing which mechanism is best depends on the requirements. If you know the requirements, you can choose the appropriate mechanism. All of the above answers are valid for some set of requirements. Do...
View ArticleAnswer by cpbills for How to prevent a user from login in, but allow "su -...
as others have said; DenyUser username or DenyGroup groupname in sshd_config would prevent keypair/password login via ssh. though i usually do something like AllowGroup ssh or something along those...
View ArticleAnswer by astrostl for How to prevent a user from login in, but allow "su -...
If an account has no password (passwd -d username), they can't log in interactively (console, SSH, etc.). If they have a valid shell, su will still work. Note the "interactively," though; if somebody...
View ArticleAnswer by François Feugeas for How to prevent a user from login in, but allow...
Don't specify a password for the user not allowed to log in or delete it. # passwd -d myuser
View ArticleAnswer by Florian Diesch for How to prevent a user from login in, but allow...
You can use AllowUsers / AllowGroups if you have only a few users/groups that are allowed to login via ssh or DenyUsers / DenyGroups if you have only a few users/groups that are not allowed to login....
View ArticleAnswer by Chris S for How to prevent a user from login in, but allow "su -...
In sshd_config add a line DenyUser [username] Note that this will not prevent that user from logging in via the console.
View ArticleHow to prevent a user from login in, but allow "su - user" in Linux?
How do you allow a user to log in using "su - user" but prevent the user from login in using SSH? I tried to set the shell to /bin/false but the when I try to su it doesn't work. Are there several...
View Article