How to restrict logins to "su" only for a given account
Last updated on MAY 31, 2018
Applies to:Solaris Operating System - Version 8 6/00 U1 and later
Quite often it is a requirement of a site security policy that certain login accounts should not be accessed directly from a terminal or remote login but instead a user must first login as themselves and use the "su" command to become that other user. This provides an enhanced audit trail since the BSM audit id does not change when su is executed. It provides an audit trail for the assumed role but with the identity of the real user as well as providing an additional layer of security.
Sign In with your My Oracle Support account
Don't have a My Oracle Support account? Click to get started
My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms