SUMMARY:Login to locked accounts

Hello Managers,
I am pasting the summary for the problem below.
The problem
was:

I want to configure a LOGIN ID in such a way that the account
should be
locked and also ordinary users should be able to do "su" into that
account and
get a shell to work.Is there any possibility of doing this?


SUMMARY:
1. One
way is to make the home dir of the user (i.e. testuser)
non-writable to the
owner and then place a .profile in there that does a
"trap "" 2; exit". Anyone
doing a direct login will run the .profile and
exit out. This won't stop "r"
commands unless you shut them off.

3. Since you're running Solaris 8, you can
use RBAC (Role Based Access
Control) to do this.  Create testuser as a role
and assign that role to
the users you want to be able to access it. The OE
documentation will
give you the details on how to do this.

you can make
testuser a role with solaris 8 or 9's /etc/user_attr table.

add this to
/etc/user_attr:
testuser::::type=role;auths=solaris.*,solaris.grant;profiles=All
usertousesu::::type=normal;auths=solaris.system.dat;roles=testuser;profile
s=All

Only these users can su to testuser

Regards
Sridhara