HPE Community
Operating System - HP-UX
1820473 Members
3189 Online
109624 Solutions
New Discussion юеВ

Re: Disable oracle login

 
hpuxrox
Respected Contributor

тАО08-07-2007 04:09 AM

тАО08-07-2007 04:09 AM

Disable oracle login

How would one disable direct login from to root
0 Kudos
Reply
6 REPLIES 6
Steven E. Protter
Exalted Contributor

тАО08-07-2007 04:18 AM

тАО08-07-2007 04:18 AM

Re: Disable oracle login

Shalom,

1) Change the shell in /etc/passwd to /usr/bin/false

2) Change /etc/profile to detect and log out the oracle user.

Suggestion 2 interfers with system startup of the database. System 1 does as well. Don't do either if your system auto starts oracle.

Another method is the use the passwd -l command.

Root should still be able to start the database after running:

passwd -l oracle

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
James R. Ferguson
Acclaimed Contributor

тАО08-07-2007 04:25 AM

тАО08-07-2007 04:25 AM

Re: Disable oracle login

Hi:

> How would one disable direct login from to root

If that is the question, then one way is to create '/etc/securetty' with the line:

console

...This will prevent 'root' from logging on anywhere except from the console. This does *not* prevent 'su' to the root account, but that will be tracked in '/var/adm/sulog'.

To impose additional constraints on 'su' setup a 'SU_ROOT_GROUP' in '/etc/default/security'. This option forces a non-superuser to be a member of the specified root group to be allowed to 'su' the root account.

Regards!

...JRF...
0 Kudos
Reply
hpuxrox
Respected Contributor

тАО08-07-2007 05:46 AM

тАО08-07-2007 05:46 AM

Re: Disable oracle login

I'm looking to do the same thing /etc/securetty does for root.. but for oracle
0 Kudos
Reply
hpuxrox
Respected Contributor

тАО08-07-2007 06:29 AM

тАО08-07-2007 06:29 AM

Re: Disable oracle login

I will just use DenyUsers in ssh... I was just hoping there was a system level way. thanks
0 Kudos
Reply
Geoff Wild
Honored Contributor

тАО08-07-2007 06:43 AM

тАО08-07-2007 06:43 AM

Re: Disable oracle login

I believe you can do this with Role Based Access Control:

http://docs.hp.com/en/5991-8678/index.html

Either that, buy Server Control from http://www.foxt.com or I believe Centrify has something as well...

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
0 Kudos
Reply
Srinivas Thokala_1
Frequent Advisor

тАО08-07-2007 07:39 AM

тАО08-07-2007 07:39 AM

Re: Disable oracle login

The control files are
/var/adm/.access_list
/var/adm/.secure_console
/var/adm/.generic_login

The account IDs listed in ile .generic_login will restric direct login. One has to login as themself before su to generic accounts.

-Srini
Srinivas Thokala
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.