Original Message: On Thu, Feb 27, 2003 at 03:17:38PM +0200, I wrote: >I've got Sun Fire V880's running ORACLE databases on Solaris 8 02/02 with >the db user called oracle9. > >As part of our security policy it is required that this user not be allowed >to login via telnet/ssh but instead the DBA must login on his own staff >account and then su to the oracle user. > >I am trying to achieve this without third party software so as to keep the >system "neat and tidy" as possible. The solaris software companion CD is >also installed. However, if relevant, I would like to use this resource >only as a last resort. The reason for doing this is so that the Solaris OE >does not end up looking/feeling like linux. I guess this is just a purist >point of view and in no way implies that linux is bad or anything negative. > >Someone told me to change the shell to /bin/false but that means staff >cannot su at all to the account as well. Another option is to create some >kind of wrapper script as a shell and then maybe exec to a real shell if >requirements are met. > >Any creative way to solve this? Thank you all for your replies. The general response was to use either of the two below: SUDO ---- Package: SMCsudo Subject: SUMMARY: sudo anyone? URL: http://www.netsys.com/sunmgr/1997-08/msg00133.html RBAC --- Package: builtin? Subject: SUMMARY: RBAC on Solaris 8 URL: http://www.sunmanagers.org/pipermail/summaries/2000-December/000113.html Thanks to: Tim Evans Alan Bradley - CPX WC Adam Ronthal Hichael Morton Tim Mohler Mike Penny Yura Pismerov Alan Pae JULIAN, JOHN C (AIT) Glass, David (UDB) Gene Beaird Stanley, Jon -- Sugan Moodley Unix Systems Administrator - Midrange Support 2nd Floor ABSA Towers South, 160 Main Street, Johannesburg, 2001, South Africa PO Box 7735, Johannesburg, 2000, South Africa Office: (011) 350-6376 Fax: (011) 350-6228 Cell: 082 772 0392 E-Mail: suganm@absa.co.za Pain is a thing of the mind. The mind can be controlled. -- Spock, "Operation -- Annihilate!" stardate 3287.2 ______________________________________________ "The information contained in this communication is confidential and may be legally privileged. It is intended solely for the use of the individual or entity to whom it is addressed and others authorised to receive it. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking action in reliance of the contents of this information is strictly prohibited and may be unlawful. Absa is liable neither for the proper, complete transmission of the information contained in this communication, nor for any delay in its receipt, nor for the assurance that it is virus-free." _______________________________________________ sunmanagers mailing list sunmanagers@sunmanagers.org http://www.sunmanagers.org/mailman/listinfo/sunmanagersReceived on Fri Feb 28 03:03:09 2003
This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:04 EST