On Mon, Aug 28, 2006 at 10:58:27AM -0400, Jaqui Greenlees wrote:
> The fact that access to su is granted by
> authentication to start the bash session, not when su
> is invoked.

Nonsense.

> The shell variable is only invoked by the shell during
> the session start process to limit or allow the
> access.

Gibberish.

> In effect, I'm wanting to do exactly this, by using
> the authentication method for the ssh tunnel to
> determine the group membership. Only those using the key
> pair get the access to admin tools.

That's what I just suggested.

> This type of functionality would benefit large networks
> or web hosting companies that do allow ssh access to
> account holders, yet not interfere with the remote
> access for administration staff tasks. A trusted and
> non trusted account holder status.
> ( trusted are the staff, non trusted are the clients )

Just put the admin staff in the "wheel" group, and not the customers. You don't need any fancy tricks here. This is Unix 101 material.
