root will still be able to su to the user. A test would be to su to a user that does not have root access - and try to su - to the locked user.
If you want to completely disable the account, change the default shell to /bin/false. This is a shell that doesn't exist, so will not allow root to su to it.
*LK* belongs in the second field, but again, you SHOULD NOT manually manipulate this file.
Last edited by avronius; 09-15-2008 at 02:40 PM..
Reason: added some clarity
how can I lock my keyboard while I'm away from the computer without using lock command. What other commands gives me the option to lock keyboard device?
thanks (7 Replies)
I have access to 15+ UNIX boxes at work, and I do not consistently log onto all of them over time. When I do try to access one I havent been on in awhile, my account is locked as the password has expired.
I need to request to the UNIX SA's that the password expiration is 90 days and that if it... (1 Reply)
Hi ,
I am faceing lot of problem due to "disk space is not enough".
senerio is like as,
In system has 5 account.
a,b,c,d,e
say account c if very critical.
Due to other user's data, user 'c' is faceing disk space issue.
I want to dedicate 3 GB for user 'c'.
No user... (1 Reply)
Hello all,
If anyone has time, I have a few questions:
How do I do the following in Linux. We are using Red Hat and Oracle Enterprise Linux, which is based on Red Hat too.
1. How to lock the account after a few (like 3) invalid password attempts?
2. How do you lock a screen after 30... (1 Reply)
Hi all,
I am having some issues with openssh vers OpenSSH_4.6p1 on SCO unixware 7.1.4
when a user accesses the system via ssh and the password is incorrect and more attempts have been made that the lock out limit I find that although there are messages in the syslog the account does not lock... (0 Replies)
Hi all,
I have to test some user priviliges. The goal is to be sure that an unauthorized user can't restart some modules (ssh, mysql etc...).
I'm trying to automate it with a shell script but in same cases I got the syslog broadcast message.
Is there any way to simply get a return code... (3 Replies)
I have made password less connection to my remote account. and i tried to execute commands at a time. but i am unable to execute the commands.
ssh $ACCOUNT_DETAILS@$HOST_DETAILS
cd ~/JEE/*/logs/ (1 Reply)
Discussion started by: kishored005
1 Replies
LEARN ABOUT X11R4
setuid
SETUID(1) General Commands Manual SETUID(1)NAME
setuid - run a command with a different uid.
SYNOPSIS
setuid username|uid command [ args ]
DESCRIPTION
Setuid changes user id, then executes the specified command. Unlike some versions of su(1), this program doesn't ever ask for a password
when executed with effective uid=root. This program doesn't change the environment; it only changes the uid and then uses execvp() to find
the command in the path, and execute it. (If the command is a script, execvp() passes the command name to /bin/sh for processing.)
For example,
setuid some_user $SHELL
can be used to start a shell running as another user.
Setuid is useful inside scripts that are being run by a setuid-root user -- such as a script invoked with super, so that the script can
execute some commands using the uid of the original user, instead of root. This allows unsafe commands (such as editors and pagers) to be
used in a non-root mode inside a super script. For example, an operator with permission to modify a certain protected_file could use a
super command that simply does:
cp protected_file temp_file
setuid $ORIG_USER ${EDITOR:-/bin/vi} temp_file
cp temp_file protected_file
(Note: don't use this example directly. If the temp_file can somehow be replaced by another user, as might be the case if it's kept in a
temporary directory, there will be a race condition in the time between editing the temporary file and copying it back to the protected
file.)
AUTHOR
Will Deich
local SETUID(1)