My Oracle Support Banner

How to restrict logins to "su" only for a given account (Doc ID 1003222.1)

Last updated on MAY 31, 2018

Applies to:

Solaris Operating System - Version 8 6/00 U1 and later
All Platforms

Goal

Quite often it is a requirement of a site security policy that certain login accounts should not be accessed directly from a terminal or remote login but instead a user must first login as themselves and use the "su" command to become that other user. This provides an enhanced audit trail since the BSM audit id does not change when su is executed. It provides an audit trail for the assumed role but with the identity of the real user as well as providing an additional layer of security.

Solution

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.