https://community.hpe.com/t5/operating-system-hp-ux/disabling-su-oracle/m-p/3820126#M780871 Hi Mynor:<BR /><BR />The use of 'su' is audited in the '/var/adm/sulog' file. Both successful and unsuccessful transitions are recorded.<BR /><BR />SU 07/09 10:59 + ttyp1 root-jrf<BR />SU 07/09 11:00 - ttyp3 jrf-root<BR />SU 07/09 11:01 + ttyp3 jrf-root<BR /><BR />...The "+" denotes success; the "-" indicates failure. In the first line, a sucessful switch was made from 'root' to 'jrf'. In the last line, a sucessful switch occured from 'jrf' to 'root'.<BR /><BR />There are also a few controls available with the '/etc/default/security' file. <BR /><BR /><A href="http://www.docs.hp.com/en/B2355-60127/su.1.html" target="_blank">http://www.docs.hp.com/en/B2355-60127/su.1.html</A><BR /><BR /><A href="http://www.docs.hp.com/en/B2355-60127/security.4.html" target="_blank">http://www.docs.hp.com/en/B2355-60127/security.4.html</A><BR /><BR />Regards!<BR /><BR />...JRF... Sun, 09 Jul 2006 10:05:59 GMT James R. Ferguson 2006-07-09T10:05:59Z https://community.hpe.com/t5/operating-system-hp-ux/disabling-su-oracle/m-p/3820123#M780868 Hi, Due to some problems, i need to restrict the su -oracle command for the root, i know this sounds silly but i need a way to block system administrator to log into the oracle (or make su -oracle to ask him for a password).<BR />The main problem is that the System administrator uses this command, logs into de DB and make changes, we are unable to see who make these changes since the logs said it was oracle user. is it any way to do this?? <BR />thanks. Sun, 09 Jul 2006 01:29:52 GMT https://community.hpe.com/t5/operating-system-hp-ux/disabling-su-oracle/m-p/3820123#M780868 Mynor Aguilar 2006-07-09T01:29:52Z https://community.hpe.com/t5/operating-system-hp-ux/disabling-su-oracle/m-p/3820124#M780869 Shalom,<BR /><BR />Be aware that disabling su - oracle will prevent root from starting Oracle automatically when the system is started.<BR /><BR />An operator will then be required to log on as oracle and execute the startup scripts manually.<BR /><BR />You can modify pam.d to force password on the oracle user with the above effects.<BR /><BR />This issue appears to be a personnel issue and solving it with the system is likely to have bad side effects. The /etc/pam.d directory is reasonably well documented if you wish to proceed. I believe you can comment out one line and you will acheive what you wish.<BR /><BR />SEP Sun, 09 Jul 2006 02:32:32 GMT https://community.hpe.com/t5/operating-system-hp-ux/disabling-su-oracle/m-p/3820124#M780869 Steven E. Protter 2006-07-09T02:32:32Z https://community.hpe.com/t5/operating-system-hp-ux/disabling-su-oracle/m-p/3820125#M780870 Thanks,<BR />You're right, that would solve my problem but it might have really negative impacts. Is there any way to audit who and when somedoby uses the "su -oracle" command? it would be at least a little bit easier to determine if the system administrator is modifying something on the DB.<BR /><BR /><BR />Thanks for your help. Sun, 09 Jul 2006 09:56:13 GMT https://community.hpe.com/t5/operating-system-hp-ux/disabling-su-oracle/m-p/3820125#M780870 Mynor Aguilar 2006-07-09T09:56:13Z https://community.hpe.com/t5/operating-system-hp-ux/disabling-su-oracle/m-p/3820126#M780871 Hi Mynor:<BR /><BR />The use of 'su' is audited in the '/var/adm/sulog' file. Both successful and unsuccessful transitions are recorded.<BR /><BR />SU 07/09 10:59 + ttyp1 root-jrf<BR />SU 07/09 11:00 - ttyp3 jrf-root<BR />SU 07/09 11:01 + ttyp3 jrf-root<BR /><BR />...The "+" denotes success; the "-" indicates failure. In the first line, a sucessful switch was made from 'root' to 'jrf'. In the last line, a sucessful switch occured from 'jrf' to 'root'.<BR /><BR />There are also a few controls available with the '/etc/default/security' file. <BR /><BR /><A href="http://www.docs.hp.com/en/B2355-60127/su.1.html" target="_blank">http://www.docs.hp.com/en/B2355-60127/su.1.html</A><BR /><BR /><A href="http://www.docs.hp.com/en/B2355-60127/security.4.html" target="_blank">http://www.docs.hp.com/en/B2355-60127/security.4.html</A><BR /><BR />Regards!<BR /><BR />...JRF... Sun, 09 Jul 2006 10:05:59 GMT https://community.hpe.com/t5/operating-system-hp-ux/disabling-su-oracle/m-p/3820126#M780871 James R. Ferguson 2006-07-09T10:05:59Z