Is it possible to restrict access for a particular local user in Linux, with the conditions mentioned below:
- User should have no direct shell access
- User should be able to log in with the command “su -” from any other user's shell
- User should be able to do SFTP via the WinSCP client and copy files from the local machine to the user’s home directory
Answer
When you say no direct shell access, I assume that restriction is only meant to apply in regards to ssh logins?
If so, the easiest solution is to enforce SFTP-only in your /etc/ssh/sshd_config.
    Match User oracle
        ForceCommand internal-sftp
Attribution
Source: Link, Question Author: Arun Krishnan, Answer Author: andol
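An added example, not part of the original answer: a small Python audit that resolves which sshd_config settings apply to one user and checks that the answer's Match block really leaves that user with SFTP only. The sample config, the function names and the extra AllowTcpForwarding check (sshd's default is yes, and ForceCommand does not change it) are additions made here; only `Match all` and `Match User` are evaluated.

```python
from fnmatch import fnmatchcase

# Constructed sample: a global section followed by the answer's Match block.
SAMPLE = """\
Subsystem sftp internal-sftp
AllowTcpForwarding yes
Match User oracle
    ForceCommand internal-sftp
"""

def user_matches(user, patterns):
    """Comma-separated pattern list with '*'/'?' wildcards and '!' negation."""
    hit = False
    for pat in patterns.split(","):
        if fnmatchcase(user, pat.lstrip("!")):
            if pat.startswith("!"):
                return False          # a negated match vetoes the whole list
            hit = True
    return hit

def effective(config, user):
    """Lower-cased keyword -> value that would apply to `user`."""
    glob, matched, in_match, applies = {}, {}, False, False
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, val = (line.split(None, 1) + [""])[:2]
        key = key.lower()
        if key == "match":
            in_match, crit = True, val.split()
            # Assumption: other criteria (Group, Address, ...) count as no match.
            applies = val.strip().lower() == "all" or (
                len(crit) == 2 and crit[0].lower() == "user"
                and user_matches(user, crit[1]))
        elif not in_match:
            glob.setdefault(key, val)          # first global value wins
        elif applies:
            matched.setdefault(key, val)       # first matching Match value wins
    return {**glob, **matched}                 # Match values override globals

def audit(config, user):
    """Findings that leave `user` with more than SFTP over SSH."""
    eff, findings = effective(config, user), []
    if eff.get("forcecommand", "").split()[:1] != ["internal-sftp"]:
        findings.append("ForceCommand is not internal-sftp")
    if eff.get("allowtcpforwarding", "yes").lower() != "no":
        findings.append("AllowTcpForwarding is not 'no'")
    return findings
```

On a live host, `sshd -T` with a `-C user=oracle` connection spec prints the settings sshd itself resolves and is the authoritative check.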