
membership change

 
funnyit
New Member

membership change

We have SAP running on HP-UX 11i v3. Several times, and on several machines, we found that SAP and Oracle OS users were removed from specific OS user groups that they belong to, and we had to manually re-add the users to the related groups. We do not think that someone did it by issuing OS commands.

How can we find out how these strange events happened?

Could SAP or Oracle or other applications do those things?

Thanks.
5 REPLIES 5
Michael Steele_2
Honored Contributor

Re: membership change

Hi

This is a Halloween Ghost question I think.

For these types of problems, use sudo.

http://hpux.connect.org.uk/hppd/hpux/Sysadmin/sudo-1.7.2p1/

SAP users are not supposed to have access to anything UNIX. They have application accounts but not UNIX accounts.

For the two or three SAP Admins that do have UNIX accounts, use sudo.

Question: This is also supposed to fall under Sarbanes-Oxley and a responsibility of upper mgmt. Who is your Sarbanes-Oxley mgr.?
Support Fatherhood - Stop Family Law
funnyit
New Member

Re: membership change

Hi:

Thanks.

However, this is certainly not a Halloween Ghost question.

Here, the SAP and Oracle users I mean are OS system users, such as sidadm, etc.

Would there be any other suggestions for troubleshooting?
Michael Steele_2
Honored Contributor

Re: membership change

You are looking at an access to root problem, and root leaves no footprints, except with 'sudo'.


What you have to do is change the root password, give everybody access via their own personal accounts, and only allow access to root via sudo.

'sudo' logs every command executed in the sudo log.

'sudo' has been a data center standard for these types of problems for a long time.
Support Fatherhood - Stop Family Law
Kapil Jha
Honored Contributor

Re: membership change

Does it keep on happening, or did it just happen one time? Did you see anything in cron/syslog?


BR,
Kapil+
I am in this small bowl, I wane see the real world......
Dennis Handly
Acclaimed Contributor

Re: membership change

>we found that SAP and Oracle OS users were removed from specific OS user groups that they belong to.

Do you have backups? Do they indicate when /etc/passwd and /etc/group were modified?
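
An added example, not part of any post in this thread: one way to act on the backup suggestion is to restore an older copy of /etc/group next to the current file and list exactly which memberships disappeared, so the window between two backups that contains the change can be identified. The function name, account names and file paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report supplementary group memberships that exist in an
# older copy of /etc/group (e.g. restored from backup) but not in a newer one.
# Only field 4 of the group file is compared; a user's primary group lives in
# /etc/passwd and is not covered here.

# group_removals OLD_FILE NEW_FILE
# Prints one line per lost membership: "<group> <user> <reason>"
group_removals() {
    awk -F: '
        /^#/ || NF < 3 { next }              # skip comments and malformed lines
        {
            if (which == "new") present[$1] = 1
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) {
                if (m[i] == "") continue
                if (which == "old") was[$1 ":" m[i]] = 1
                else                now[$1 ":" m[i]] = 1
            }
        }
        END {
            for (k in was) {
                if (k in now) continue
                split(k, p, ":")
                print p[1], p[2], ((p[1] in present) ? "removed" : "group-deleted")
            }
        }
    ' which=old "$1" which=new "$2" | sort
}

# demo: run the comparison on constructed sample data (hypothetical accounts).
demo() {
    d="${TMPDIR:-/tmp}/grpdiff.$$"
    mkdir "$d" || return 1
    cat > "$d/group.backup" <<'EOF'
dba::201:oraprd,prdadm
sapsys::200:prdadm,sapadm
oper::202:oraprd
EOF
    cat > "$d/group.current" <<'EOF'
dba::201:oraprd
sapsys::200:sapadm
EOF
    group_removals "$d/group.backup" "$d/group.current"
    rm -rf "$d"
}

# With two file arguments, compare them; otherwise nothing runs automatically.
if [ $# -eq 2 ]; then group_removals "$1" "$2"; fi
```

Running it across successive backup generations narrows down when the membership was lost; that time window can then be matched against cron and syslog entries.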