How to restrict logins to "su" only for a given account
(Doc ID 1003222.1)
Last updated on MAY 31, 2018
Applies to:Solaris Operating System - Version 8 6/00 U1 and later
Quite often it is a requirement of a site security policy that certain login accounts should not be accessed directly from a terminal or remote login but instead a user must first login as themselves and use the "su" command to become that other user. This provides an enhanced audit trail since the BSM audit id does not change when su is executed. It provides an audit trail for the assumed role but with the identity of the real user as well as providing an additional layer of security.
To view full details, sign in with your My Oracle Support account.
Don't have a My Oracle Support account? Click to get started!