HPE Community read-only access December 15, 2018
This is a maintenance upgrade. You will be able to read articles and posts, but not post or reply.
Hours:
Dec 15, 4:00 am to 10:00 am UTC
Dec 14, 10:00 pm CST to Dec 15, 4:00 am CST
Dec 14, 8:00 pm PST to Dec 15, 2:00 am PST
cancel
Showing results for 
Search instead for 
Did you mean: 

Block su with RBAC

 
alex1982
Frequent Advisor

Block su with RBAC

Hello everybody,
i have just installed RBAC on my HP-UX 11.31 and i have started configuring it.
I have different accounts on my system,including the oracle account that is used by the Oracle application.
I would like to block the oracle user from logging in directly to the system, and instead the database administror account can su to the oracle user.
Can i block the oracle user from logging in directly to the system using RBAC ?
How can i further improve security, by allowing only a group ( for example the database administror's group of users) to su to the oracle account using RBAC?

Thanks in advance.
3 REPLIES
Horia Chirculescu
Honored Contributor

Re: Block su with RBAC

Hello,

>by allowing only a group ( for example the database administror's group of users) to su to the oracle account

You could chgrp the "su" executable as the desired group, and chmod 4550 /usr/bin/su. Then add users that will be permitted to execute "su" to that group.

Horia.
Best regards from Romania,
Horia.
alex1982
Frequent Advisor

Re: Block su with RBAC

Yes,but in this way i would limit the use of su by other accounts or group of accounts.
In fact, i have read somewhere else that what i am trying to do,blocking direct login for accounts,can also be implemented by using RBAC,but i don't know how.
Horia Chirculescu
Honored Contributor

Re: Block su with RBAC

>but i don't know how.

Usually, at this point would help if you will go back to the manual pages. Read the docs.

Best regards,
Horia.
Best regards from Romania,
Horia.