UNIX login ID

rambo15 · June 29, 2007, 12:22pm

Hello World:
I need to have a user ID called devapp in the passwd and shadow file for a certain application to start. The problem is that I do not want users to be able to use the devapp login ID to log directly into the system. The users sometimes need to start and stop the application and view it's log files. This can only be done if they are the devapp user. What I need to do is not allow the devapp login directly to the system, but allow the user to login as himself and SU to the devapp user ID. I have tried placing /bin/false as the shell for the devapp user ID but then when user tries to SU to devapp it fails.
Any suggestions or thoughts would be greatly appreciated.

Respectfully;
Mark K.

jim_mcnamara · June 29, 2007, 2:02pm

Try a restricted shell
chroot the account and limit what is in the local /usr/bin directory
Write a login script that locks the users into a script with just the options you want to allow - start, stop, view logs.

Perderabo · June 29, 2007, 2:15pm

What OS? You might try sudo. Also try leaving nothing at all as the shell field.

porter · June 29, 2007, 3:15pm

or "/bin/false"