HPE Community
Operating System - HP-UX
1753548 Members
5740 Online
108795 Solutions
New Discussion юеВ

When an oracle user logsin via a dt, hp or a xt session toast 'em

 
Bob Milton
New Member

тАО11-22-2000 01:53 PM

тАО11-22-2000 01:53 PM

When an oracle user logsin via a dt, hp or a xt session toast 'em

When an oracle user logs in via a dt, hp or a xt session I want to toast 'em. I have 11 Oracle dba's and most of them will login as their account then su oracle (no - ) as I have in the oracle home account .profile exit 0. But they have discovered they can use a GUI such as Exceed to do a dtsession which doesn't read or use the oracle .profile... I have a HP solution to edit Xstartup and so on which will be null on a OS upgrade. Any suggestions would be appreciated so I can run a simple script that will allow someone to su to oracle but not login as oracle. Thanks.
0 Kudos
Reply
5 REPLIES 5
Victor BERRIDGE
Honored Contributor

тАО11-22-2000 02:05 PM

тАО11-22-2000 02:05 PM

Re: When an oracle user logsin via a dt, hp or a xt session toast 'em

Hi,
Just thoughts, what about removing the shell or put something else as, in /etc/passwd, that would stop them connecting or do a su - oracle, then move .profile to profile_oracle and foorce them to su oracle (to get UID) then . profile_oracle to get the env ?

Im having trouble with my SP2 I have to leave

Best regards
Victor
0 Kudos
Reply
Pramod_4
Trusted Contributor

тАО11-22-2000 02:35 PM

тАО11-22-2000 02:35 PM

Re: When an oracle user logsin via a dt, hp or a xt session toast 'em

Hi,

Add the following in your /etc/profile:

if [ "$LOGNAME" = "oracle" ]
then
exit 1
fi


Ensure that you don?t make any typographical errors.

With the above in /etc/profile ?su ? oracle?, hpterm and xterm exits but ? su oracle ? works perfectly.

Protect your /etc/profile with proper permissions.!!


Regards,

Pramod


0 Kudos
Reply
Karen Elrod
Frequent Advisor

тАО11-22-2000 02:52 PM

тАО11-22-2000 02:52 PM

Re: When an oracle user logsin via a dt, hp or a xt session toast 'em

You could also edit the .dtprofile and uncomment the DTSOURCEPROFILE=true so that the profile is always read.
0 Kudos
Reply
Alex Glennie
Honored Contributor

тАО11-23-2000 12:47 AM

тАО11-23-2000 12:47 AM

Re: When an oracle user logsin via a dt, hp or a xt session toast 'em

This is what you want =>

check /usr/dt/config/Xaccess : this file can be used to prevent access from specific remote hosts eg your friends on the PC's. It will affect only users who login via or under an X or CDE session.

As to why they can by pass your security via CDE login : most likely reason is the shell is not reading the users .profile.

This too can be ammended : check man dt,xt or hpterm : see loginShell resoure : you can set in each users $HOME/.dt/.Xdefaults file or globally.

To check this theory : get a users to login as normal via exceed : run dterm -ls & and then try Oracle, if this method fails ...this is your problem
0 Kudos
Reply
Alex Glennie
Honored Contributor

тАО11-23-2000 12:50 AM

тАО11-23-2000 12:50 AM

Re: When an oracle user logsin via a dt, hp or a xt session toast 'em

you can also use a similar method to Pramod to prevent a specific user login via CDE ... I can give you details, but a search on this forum should also uncover the details.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.