There's nothing that you need to install. PAM is integrated into your system and already has several roles in the way it works with administering the system. All you need to do is to modify the file '/etc/pam.d/su' to make the changes that Sandy posted above.
Hope it works the way you want it to. Do be careful, though, and make sure that you're doing it correctly. Messing these kinds of things up could potentially lock your from your system, and you'll have a bit of work to clean it up after. You might read up on chrooting (something I know little about unfortunately) and doing what Sandy suggested as a trial before you commit.
Alright so I copied and pasted Sandy's above commands, replacing username with the user that I wanted to block and got -a option not recognized.
groupadd: invalid option -- 'a'
Usage: groupadd [options] GROUP
-f, --force exit successfully if the group already exists,
and cancel -g if the GID is already used
-g, --gid GID use GID for the new group
-h, --help display this help message and exit
-K, --key KEY=VALUE override /etc/login.defs defaults
-o, --non-unique allow to create groups with duplicate
-p, --password PASSWORD use this encrypted password for the new group
-r, --system create a system account
Never mind I used:
and it worked. So it worked more perfectly then I imagined. If I use su it looks normal, still prompts for user password then sends permission denied even for the right password. If I logged into the user on the computer itself I can use the exit command to switch back to the previous user however, on ssh this closes the connection insteadCode:sudo adduser username nosu
THANK YOU EVERYBODY THAT HELPED ME SO QUICKLY
Once again, another thanks to everyone that helped me so quickly. This forum has by far the best support that I have ever seen and as I gain more experience I plan on contributing a bit more. But for now if anyone could suggest a good DLNA server that'd be great.