John
Our oracle .profile looks something like this:
NAME=`who am i | awk '{print $1}'`
DT=`date "+%m/%d/%y %H:%M:%S"`
DT2=`date "+%m%d%y%H%M"`
NAMEDIR=/usr/local/bin
USERS=$NAMEDIR/users
if [ $NAME = `whoami` ]
then
sleep 2 # allow time to display message.
echo "\nYou cannot log in as user $LOGNAME, use su!\n"
exit
fi
echo "\nChecking access rights for $NAME..."
sleep 2
if grep $NAME $USERS
then
echo "\n$NAME - access allowed."
else
echo "\nYou do not have access to the `whoami` account."
echo "Bye!"
exit
fi
echo "\n##################################################################"
echo "\nSU from $NAME to `whoami` at $DT"
echo "\nWARNING - You are now logged in as `whoami` !!!"
echo "\nThis is a privileged account, all activity is logged, BE CAREFUL !"
echo "\n##################################################################"
echo "\n\n\nHit Enter to continue...\c"
read a
. ./.profile2
And because we have disabled any direct login we have disabled the remsh facility also!
