- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: disabling su -oracle
Operating System - HP-UX
1753416
Members
5669
Online
108793
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-08-2006 06:29 PM
тАО07-08-2006 06:29 PM
Hi, Due to some problems, i need to restrict the su -oracle command for the root, i know this sounds silly but i need a way to block system administrator to log into the oracle (or make su -oracle to ask him for a password).
The main problem is that the System administrator uses this command, logs into de DB and make changes, we are unable to see who make these changes since the logs said it was oracle user. is it any way to do this??
thanks.
The main problem is that the System administrator uses this command, logs into de DB and make changes, we are unable to see who make these changes since the logs said it was oracle user. is it any way to do this??
thanks.
Solved! Go to Solution.
3 REPLIES 3
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-08-2006 07:32 PM
тАО07-08-2006 07:32 PM
Solution
Shalom,
Be aware that disabling su - oracle will prevent root from starting Oracle automatically when the system is started.
An operator will then be required to log on as oracle and execute the startup scripts manually.
You can modify pam.d to force password on the oracle user with the above effects.
This issue appears to be a personnel issue and solving it with the system is likely to have bad side effects. The /etc/pam.d directory is reasonably well documented if you wish to proceed. I believe you can comment out one line and you will acheive what you wish.
SEP
Be aware that disabling su - oracle will prevent root from starting Oracle automatically when the system is started.
An operator will then be required to log on as oracle and execute the startup scripts manually.
You can modify pam.d to force password on the oracle user with the above effects.
This issue appears to be a personnel issue and solving it with the system is likely to have bad side effects. The /etc/pam.d directory is reasonably well documented if you wish to proceed. I believe you can comment out one line and you will acheive what you wish.
SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-09-2006 02:56 AM
тАО07-09-2006 02:56 AM
Re: disabling su -oracle
Thanks,
You're right, that would solve my problem but it might have really negative impacts. Is there any way to audit who and when somedoby uses the "su -oracle" command? it would be at least a little bit easier to determine if the system administrator is modifying something on the DB.
Thanks for your help.
You're right, that would solve my problem but it might have really negative impacts. Is there any way to audit who and when somedoby uses the "su -oracle" command? it would be at least a little bit easier to determine if the system administrator is modifying something on the DB.
Thanks for your help.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО07-09-2006 03:05 AM
тАО07-09-2006 03:05 AM
Re: disabling su -oracle
Hi Mynor:
The use of 'su' is audited in the '/var/adm/sulog' file. Both successful and unsuccessful transitions are recorded.
SU 07/09 10:59 + ttyp1 root-jrf
SU 07/09 11:00 - ttyp3 jrf-root
SU 07/09 11:01 + ttyp3 jrf-root
...The "+" denotes success; the "-" indicates failure. In the first line, a sucessful switch was made from 'root' to 'jrf'. In the last line, a sucessful switch occured from 'jrf' to 'root'.
There are also a few controls available with the '/etc/default/security' file.
http://www.docs.hp.com/en/B2355-60127/su.1.html
http://www.docs.hp.com/en/B2355-60127/security.4.html
Regards!
...JRF...
The use of 'su' is audited in the '/var/adm/sulog' file. Both successful and unsuccessful transitions are recorded.
SU 07/09 10:59 + ttyp1 root-jrf
SU 07/09 11:00 - ttyp3 jrf-root
SU 07/09 11:01 + ttyp3 jrf-root
...The "+" denotes success; the "-" indicates failure. In the first line, a sucessful switch was made from 'root' to 'jrf'. In the last line, a sucessful switch occured from 'jrf' to 'root'.
There are also a few controls available with the '/etc/default/security' file.
http://www.docs.hp.com/en/B2355-60127/su.1.html
http://www.docs.hp.com/en/B2355-60127/security.4.html
Regards!
...JRF...
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP