No, it's not the right way. The daemons need to run as the project user, not the individual user. I know how to set up groups, permissions, etc. ... been doing that for several years now. What I'm wondering is if PAM or some other mechanism can be used to prevent a user from logging in via a network connection. It looks like people here don't know; that's fine, I'll continue researching. On Sun, Jan 20, 2002 at 01:39:48PM -0500, David Ehle wrote: > LOL, talk about not seeing the forest for the tree's... Yeah. Do it the > way he says. Its the "right" way of doing something like that. > > David. > > Alvin Oga wrote: > > > > hi ya nathan > > > > create a group "proj" > > > > add tom, dick, harry to belong to the proj group ( /etc/group ) > > - those NOT listed in proj will NOT be able to do anything > > > > make sure /home/project is owned by projectmanager and group proj > > make sure its chmod 775 or chmod 770 for /home/project > > > > make sure the shell for projectmanager is /dev/null ( no login shell ) > > > > each user ( tom, dick, harry ) can all run > > /home/project/scripts/start-me-up.sh > > w/o having to be projectmanager > > > > -- i claim there is no point to having a login account projectmanager/user > > if everybody can login into it... why bother ??? > > - you'd want to know who made the changes ... ( tom, dick, harry ) > > > > c ya > > alvin > > > > On Sun, 20 Jan 2002, Nathan E Norman wrote: > > > > > Hi, > > > > > > I'm setting up a project for some friends. I want each of them to > > > have their own account, but I want the project to be hosted (and run > > > under) a seperate account. Each user should be able to su to the > > > project account to restart daemons. No user should be able to log in > > > as the project user. > > > > > > How do I set this up? Is it possible? > > > > -- > > To UNSUBSCRIBE, email to debian-security-request@lists.debian.org > > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org > > > -- > To UNSUBSCRIBE, email to debian-security-request@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org > -- Nathan Norman - Staff Engineer | A good plan today is better Micromuse Ltd. | than a perfect plan tomorrow. mailto:nnorman@micromuse.com | -- Patton
Attachment:
pgpbfZ1Zuky4O.pgp
Description: PGP signature