
Keeping out user "oracle"

Status
Not open for further replies.
Jun 28, 2002
Guys,

I have a problem: I have Oracle administrators that log in to my Solaris servers as oracle. This stops me from tracking who is on the box. Is there a way to stop the user oracle from logging in, yet run on the server OK? Like root, it has no access if it logs in remotely; it only works on the console. Something like that!

cheers !

P.
 
Hi,

You can check based on IPs if he/she logs on remotely. Use the last command to check them.

Or change the shell for the oracle user to nologin. Create a shell script called nologin that will echo a warning message and quit straight away. Remember that if you set the oracle shell to nologin you won't be able to do any work as oracle unless you change the shell back, which I think is straightforward enough. It's just more work for you.

feroz
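
The `last` check suggested in the reply above, as an added example that is not part of the original thread: it counts direct logins by a shared account per source host. The function names `direct_logins` and `sample_last` are hypothetical, the sample lines are constructed, the column layout (user, tty, optional host, date) is an assumption about `last` output, and the awk must support `-v` (nawk on Solaris).

```shell
#!/bin/sh
# Added example (not from the thread): summarise direct logins by a shared
# account from `last`-style output read on stdin.
# Real use would be:  last | direct_logins oracle

direct_logins() {
    # $1 = shared account to report on, e.g. oracle
    awk -v acct="$1" '
        $1 != acct { next }   # skip other users, reboot lines, "wtmp begins"
        {
            # A console login records no remote host, so field 3 is
            # already the weekday of the login time.
            host = ($3 ~ /^(Mon|Tue|Wed|Thu|Fri|Sat|Sun)$/) ? "local" : $3
            seen[host]++
        }
        END { for (h in seen) printf "%s %d\n", h, seen[h] }
    ' | sort
}

# Constructed sample input; addresses are from documentation ranges.
sample_last() {
    cat <<'EOF'
oracle    pts/3        192.0.2.10       Fri Jun 28 09:12 - 09:40  (00:28)
jsmith    pts/4        192.0.2.11       Fri Jun 28 09:15   still logged in
oracle    console                       Fri Jun 28 10:02 - 10:05  (00:03)
oracle    pts/5        192.0.2.10       Sat Jun 29 08:01 - 08:30  (00:29)
oracle    pts/6        198.51.100.7     Sat Jun 29 11:45   still logged in
reboot    system boot                   Thu Jun 27 07:00

wtmp begins Thu Jun 27 07:00
EOF
}

# Prints one "source count" line per origin of direct oracle sessions.
sample_last | direct_logins oracle
```

Each remote source in the output is a session where the shared ID was used directly, which is the activity that cannot be tied to a named administrator.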
 
OK, how do I change the shell to nologin?

And for the other way, where do I run this script? Do I run it from their profile? If I do, can't they stop it and drop to the shell if they are quick enough?

Thanks, it's got me looking in the right direction!
 
If you change the shell to nologin or any such non-existent shell, you have to update /etc/shells with it and do a usermod -s /bin/nologin oracle. That will prevent any login whatsoever, including su, since you will get a "no shell" error. If, however, you only want to lock the ID from logon, you can use this method, which will exit their login shell only, but they can still su to it.

(insert text where it matches)

/etc/.login

    case 2:
        echo "You have mail."
        breaksw;
    endsw
    # start user security deny login
    onintr -
    set USER = `who am i | awk '{ print $1 }'`
    foreach user ( oracle )
        if ( "$USER" == "$user" ) then
            echo ""
            echo "*** Warning: This ID does not support interactive login. ***"
            echo "********* Please sign on using your local account. *********"
            logout
        endif
    end
    # end user security
endif
#

/etc/profile

        2)
            echo "You have mail."
            ;;
        esac
        # start user security deny login
        USER=`/usr/bin/who am i | awk '{ print $1 }'`
        for user in oracle
        do
            if [ "$USER" = "$user" ]; then
                echo ""
                echo "*** Warning: This ID does not support interactive login. ***"
                echo "********* Please sign on using your local account. *********"
                exit
            fi
        done
        # end user security
    fi
esac


Tom Pietschmann
DST Systems, Inc.
Kansas City, MO
 