Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Restricting logins on non-root accounts

This is standard practice here.  It should be done for all system users
("oracle," "postgres," "www-data," etc.) and is considered a good idea.

We do it by setting the account password to disabled.  On a conventional
password system (not PAM), you can just set the password field (where the
password hash would normally be stored) to '*' or, alternatively, use
"passwd -l oracle" to guarantee that no password can match the hash.

Since root can su as any user without a password, you can then set up a
sudo rule that allows selected users to become "oracle."

-- Mike

On 2000-05-08 at 12:02 -0400, John Abreau wrote:

> I've gotten a request from our DBA to modify the oracle login account so
> that users cannot login to it and must use "su" to access it. Is this
> doable without a lot of pain? What are the common ways of accomplishing
> this?

Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at (Subject line is ignored).

BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!

Boston Linux & Unix /