I have a Macintosh server computer with 3 users: admin, git, and server. Admin is the only administrator on the computer, while git and server are normal users. I can log in to all 3 over ssh, using public key authentication only for admin and server, while password authentication is enabled for git.
In short, I want to be able to log in directly to all 3 accounts via ssh, but only be able to switch accounts using su when I logged in first using admin. Is there a way to configure this in sshd_config?
Alternatively, is there a way you can disable su only for certain users?
The server is a a Mac Mini running macOS 10.13.5 and I am using the SSH server from the sharing menu, if that info is important.