cancel
Showing results for 
Search instead for 
Did you mean: 

Block su with RBAC

alex1982
Frequent Advisor

Block su with RBAC

Hello everybody,
i have just installed RBAC on my HP-UX 11.31 and i have started configuring it.
I have different accounts on my system,including the oracle account that is used by the Oracle application.
I would like to block the oracle user from logging in directly to the system, and instead the database administror account can su to the oracle user.
Can i block the oracle user from logging in directly to the system using RBAC ?
How can i further improve security, by allowing only a group ( for example the database administror's group of users) to su to the oracle account using RBAC?

Thanks in advance.
3 REPLIES
Horia Chirculescu
Honored Contributor

Re: Block su with RBAC

Hello,

>by allowing only a group ( for example the database administror's group of users) to su to the oracle account

You could chgrp the "su" executable as the desired group, and chmod 4550 /usr/bin/su. Then add users that will be permitted to execute "su" to that group.

Horia.
Best regards from Romania,
Horia.
alex1982
Frequent Advisor

Re: Block su with RBAC

Yes,but in this way i would limit the use of su by other accounts or group of accounts.
In fact, i have read somewhere else that what i am trying to do,blocking direct login for accounts,can also be implemented by using RBAC,but i don't know how.
Horia Chirculescu
Honored Contributor

Re: Block su with RBAC

>but i don't know how.

Usually, at this point would help if you will go back to the manual pages. Read the docs.

Best regards,
Horia.
Best regards from Romania,
Horia.