SUMMARY: Remote Access restriction

From: Sugan Moodley <>
Date: Fri Feb 28 2003 - 02:55:42 EST
Original Message:

On Thu, Feb 27, 2003 at 03:17:38PM +0200, I wrote:
>I've got Sun Fire V880's running ORACLE databases on Solaris 8 02/02  with 
>the db user called oracle9.
>As part of our security policy it is required that this user not be allowed 
>to login via telnet/ssh but instead the DBA must login on his own staff 
>account and then su to the oracle user.
>I am trying to achieve this without third party software so as to keep the 
>system "neat and tidy" as possible. The solaris software companion CD is 
>also installed. However, if relevant, I would like to use this resource 
>only as a last resort. The reason for doing this is so that the Solaris OE 
>does not end up looking/feeling like linux. I guess this is just a purist 
>point of view and in no way implies that linux is bad or anything negative.
>Someone told me to change the shell to /bin/false but that means staff 
>cannot su at all to the account as well. Another option is to create some 
>kind of wrapper script as a shell and then maybe exec to a real shell if 
>requirements are met.
>Any creative way to solve this?

Thank you all for your replies. The general response was to use either of the two below:

Package: 	SMCsudo
Subject:	SUMMARY: sudo anyone?

Package: 	builtin?
Subject:	SUMMARY: RBAC on Solaris 8

Thanks to:

Tim Evans
Alan Bradley - CPX WC
Adam Ronthal
Hichael Morton
Tim Mohler
Mike Penny
Yura Pismerov
Alan Pae
Glass, David (UDB)
Gene Beaird
Stanley, Jon

Sugan Moodley
Unix Systems Administrator - Midrange Support 
2nd Floor ABSA Towers South, 160 Main Street, Johannesburg, 2001, South Africa
PO Box 7735, Johannesburg, 2000, South Africa
Office: (011) 350-6376  Fax: (011) 350-6228  Cell: 082 772 0392 E-Mail:

Pain is a thing of the mind.  The mind can be controlled.
                -- Spock, "Operation -- Annihilate!" stardate 3287.2
"The information contained in this communication is confidential and
may be legally privileged.  It is intended solely for the use of the
individual or entity to whom it is addressed and others authorised to
receive it.  If you are not the intended recipient you are hereby
notified that any disclosure, copying, distribution or taking action
in reliance of the contents of this information is strictly prohibited
and may be unlawful.  Absa is liable neither for the proper, complete
transmission of the information contained in this communication, nor 
for any delay in its receipt, nor for the assurance that it is 
sunmanagers mailing list
Received on Fri Feb 28 03:03:09 2003

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:04 EST