How to prevent a user from login in, but allow "su - user" in Linux?

Answer by snic.io for How to prevent a user from login in, but allow "su -...

December 30, 2013, 6:20 pm

edit /etc/shadow by adding ! to the beginning of the password hash. username:!<hash>:#####:#:#####:#::: When securing a new install this is the first thing I do after installing sudo, so nobody...

View Article

Answer by artfulrobot for How to prevent a user from login in, but allow "su...

November 18, 2013, 5:49 am

Assuming you only want to su user from root's account, and disable all other access: Use this (run as root): usermod -e 1 -L user This disables password login (as many other answers have advised), but...

View Article

Answer by abz for How to prevent a user from login in, but allow "su - user"...

September 27, 2012, 3:16 pm

In addition to what's been mentioned above (disable and/or not setting the user password), pam_access module (look up man page on pam_access and access.conf) can be used to control login access.

View Article

Answer by Loke for How to prevent a user from login in, but allow "su - user"...

April 14, 2015, 3:09 am

If you still want su to work, you can use sudo -u [username] or pass -s /bin/bash to su as a temporary shell. They both do the same in absence of a shell in /etc/passwd.

View Article

Answer by Brian Postow for How to prevent a user from login in, but allow "su...

June 9, 2010, 9:26 am

As I mentioned in a comment, I think that you can still su into an account with an invalid shell. So if you set the user's shell to /dev/null or whatever the shell of bin is, you should be able to...

View Article

Answer by BillThor for How to prevent a user from login in, but allow "su -...

August 13, 2015, 9:35 am

Knowing which mechanism is best depends on the requirements. If you know the requirements, you can choose the appropriate mechanism. All of the above answers are valid for some set of requirements. Do...

View Article

Answer by cpbills for How to prevent a user from login in, but allow "su -...

June 9, 2010, 9:15 am

as others have said; DenyUser username or DenyGroup groupname in sshd_config would prevent keypair/password login via ssh. though i usually do something like AllowGroup ssh or something along those...

View Article

Answer by astrostl for How to prevent a user from login in, but allow "su -...

June 9, 2010, 8:53 am

If an account has no password (passwd -d username), they can't log in interactively (console, SSH, etc.). If they have a valid shell, su will still work. Note the "interactively," though; if somebody...

View Article

Answer by François Feugeas for How to prevent a user from login in, but allow...

June 9, 2010, 8:50 am

Don't specify a password for the user not allowed to log in or delete it. # passwd -d myuser

View Article

Answer by Florian Diesch for How to prevent a user from login in, but allow...

December 30, 2013, 6:23 pm

You can use AllowUsers / AllowGroups if you have only a few users/groups that are allowed to login via ssh or DenyUsers / DenyGroups if you have only a few users/groups that are not allowed to login....

View Article

Answer by Chris S for How to prevent a user from login in, but allow "su -...

June 9, 2010, 8:28 am

In sshd_config add a line DenyUser [username] Note that this will not prevent that user from logging in via the console.

View Article

How to prevent a user from login in, but allow "su - user" in Linux?

February 10, 2017, 3:05 am

How do you allow a user to log in using "su - user" but prevent the user from login in using SSH? I tried to set the shell to /bin/false but the when I try to su it doesn't work. Are there several...

View Article

More Pages to Explore .....

Latest Images