cancel
Showing results for 
Search instead for 
Did you mean: 

membership change

funnyit
Occasional Visitor

membership change

we have SAP run on HP-UX 11iv3. For several times, and on several machines, we found that SAP and Oracle OS users were removed from specific OS user groups that they belong to. And we had to manually re-add the users to related groups. We do not think there was someone who did it by issuing OS commands.

How to find out how this strange events happened?

Could SAP or Oracle or other applications do those things?

Thanks.
5 REPLIES
Michael Steele_2
Honored Contributor

Re: membership change

HI

This is a Holloween Ghost question I think.

For these types of problems, use sudo.

http://hpux.connect.org.uk/hppd/hpux/Sysadmin/sudo-1.7.2p1/

SAP users are not suppose to have access to anything UNIX. They have application accounts but not UNIX accounts.

For the two or three SAP Admins that do have UNIX accounts, use sudo.

Question: This is also suppose to fall under Sarbannes Oxley and a responsibility of upper mgmt. Who is your Sarbannes Oxley mgr.?
Support Fatherhood - Stop Family Law
funnyit
Occasional Visitor

Re: membership change

Hi:

Thanks.

However, this is certainly not a Halloween Ghost question.

here the SAP and Oracle users I mean are OS system users, such as sidadm, etc.

Would there be any other suggestion for troubleshooting?
Michael Steele_2
Honored Contributor

Re: membership change

You are looking at an access to root problem, and root leaves no footprints, except with 'sudo'.


What you have to do is change the root password, give everybody access via their own personal accounts, and only allow access to root via sudo.

'sudo' logs every command executed in the sudo log.

'sudo' has been a data center standard for these types of problems for a long time.
Support Fatherhood - Stop Family Law
Kapil Jha
Honored Contributor

Re: membership change

Is it keep on happening or just happened one time.Did you see anything in cron/syslog.


BR,
Kapil+
I am in this small bowl, I wane see the real world......
Dennis Handly
Acclaimed Contributor

Re: membership change

>we found that SAP and Oracle OS users were removed from specific OS user groups that they belong to.

Do you have backups? Do they indicate when /etc/passwd and /etc/group were modified?