Remote Access restriction

From: Sugan Moodley (suganm@absa.co.za)
Date: Thu Feb 27 2003 - 08:17:38 EST


Hello,

I've got Sun Fire V880s running ORACLE databases on Solaris 8 02/02 with the db user called oracle9.

As part of our security policy, it is required that this user not be allowed to log in via telnet/ssh; instead the DBA must log in on his own staff account and then su to the oracle user.

I am trying to achieve this without third-party software so as to keep the system as "neat and tidy" as possible. The Solaris software companion CD is also installed. However, if relevant, I would like to use this resource only as a last resort. The reason for doing this is so that the Solaris OE does not end up looking/feeling like Linux. I guess this is just a purist point of view and in no way implies that Linux is bad or anything negative.

Someone told me to change the shell to /bin/false but that means staff cannot su at all to the account as well. Another option is to create some kind of wrapper script as a shell and then maybe exec to a real shell if requirements are met.

Any creative way to solve this?

Thank you.

Sugan Moodley
Unix Systems Administrator - Midrange Support
2nd Floor ABSA Towers South, 160 Main Street, Johannesburg, 2001, South Africa
PO Box 7735, Johannesburg, 2000, South Africa
Office: (011) 350-6376 Fax: (011) 350-6228 Cell: 082 772 0392 E-Mail: suganm@absa.co.za

Pain is a thing of the mind. The mind can be controlled.
                -- Spock, "Operation -- Annihilate!" stardate 3287.2



This archive was generated by hypermail 2.1.7 : Wed Apr 09 2008 - 23:25:53 EDT
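The wrapper-shell idea raised in the post, sketched as an added example that is not part of the original message or of any reply to it. It assumes the wrapper is installed as /usr/local/bin/roleshell and set as oracle9's shell, that /bin/ksh is the real shell, and that the staff names are constructed placeholders; it relies on `logname` still reporting the staff member after `su`.

```shell
#!/bin/sh
# Wrapper login shell for a role account: refuse direct logins, allow su.
# Assumed values (not from the post): install path /usr/local/bin/roleshell,
# real shell /bin/ksh, and the staff names below, which are constructed.
ROLE_ACCOUNT=oracle9
REAL_SHELL=/bin/ksh
ALLOWED_STAFF="dba1 dba2"

# decide <tty_owner>: print "allow" or "deny:<reason>".
# <tty_owner> is the name recorded at login for the terminal (logname).
# After "su" it is still the staff member; after telnet/ssh straight into
# the role account it is the role account itself.
decide() {
    owner=$1
    if [ -z "$owner" ]; then
        echo "deny:no-login-record"      # no tty/utmpx entry: fail closed
        return 0
    fi
    if [ "$owner" = "$ROLE_ACCOUNT" ]; then
        echo "deny:direct-login"
        return 0
    fi
    for u in $ALLOWED_STAFF; do
        if [ "$u" = "$owner" ]; then
            echo "allow"
            return 0
        fi
    done
    echo "deny:not-authorised"
}

role_shell_main() {
    who=`logname 2>/dev/null`
    verdict=`decide "$who"`
    if [ "$verdict" = "allow" ]; then
        exec "$REAL_SHELL" "$@"          # hands over -c "cmd" from su too
    fi
    logger -p auth.notice "roleshell: refused $ROLE_ACCOUNT session ($verdict) from ${who:-unknown}"
    echo "Log in with your own account, then su to $ROLE_ACCOUNT." >&2
    exit 1
}

# Run only when installed under the assumed name, so the functions can be
# sourced and tested without starting a shell.
case $0 in
    *roleshell) role_shell_main "$@" ;;
esac
```

Sessions with no terminal login record (for example a remote command run without a tty) are refused. Because the real shell is not started as a login shell, the role account's profile has to be sourced explicitly if it is needed.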