On Tue, 2005-10-04 at 13:31 -0600, Lonnie Olson wrote: > The only sure way to lock an account from any SSH access is to remove > the entry from the passwd file altogether. If you don't use some > other form of user account management, you could just move their > passwd entry to a file called passwd.locked. This would prevent > *any* access by that user.
The problem there is that now their UID is gone so files owned by that user won't show an owner, just a number. And you have the possibility of re-using that UID. This is something I've had on my TODO list for a while. We use LDAP for our user accounts and I'm still trying to figure out for sure if the accounts I've locked out are really locked out. I'm hoping to get some time this week to investigate further. If that happens (a big IF), I'll post a follow up. Corey
signature.asc
Description: This is a digitally signed message part
/* PLUG: http://plug.org, #utah on irc.freenode.net Unsubscribe: http://plug.org/mailman/options/plug Don't fear the penguin. */
