thoughts on shared account

From: Ballowe, Charles (CBallowe@usg.com)
Date: Fri Mar 12 2004 - 11:36:53 EST

• Next message: Adametz, Bluejay: "V5.1B patch kit 3 breaks Netbackup?"
• Previous message: Peter.Jakobs@marconiselenia.com: "Updated: TruCluster and Hitachi 9980v"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I'd like to be able to have some accounts set up - particularly oracle user
and similar - that can only be su'd to but not logged into directly. This is
mostly to increase auditability etc. by getting the DBAs away from using a
shared account for login. I know it can be done trivially for root but I've
never tried for other users.

One thought I'm having is to lock the accounts in question - thus preventing
them from logging in directly - then using dop to assign the DBAs an action
to become the user, but there seems like it should be easier. I'd also like
to keep an additional password on the oracle account if possible, dop
wouldn't do that as it would run su as root.

Any thoughts?

-Charlie

• Next message: Adametz, Bluejay: "V5.1B patch kit 3 breaks Netbackup?"
• Previous message: Peter.Jakobs@marconiselenia.com: "Updated: TruCluster and Hitachi 9980v"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:49:53 EDT