My Oracle Support Banner

How to restrict logins to "su" only for a given account (Doc ID 1003222.1)

Last updated on DECEMBER 18, 2023

Applies to:

Solaris Operating System - Version 8 6/00 U1 and later
All Platforms


Quite often it is a requirement of a site security policy that certain login accounts should not be accessed directly from a terminal or remote login but instead a user must first login as themselves and use the "su" command to become that other user. This provides an enhanced audit trail since the BSM audit id does not change when su is executed. It provides an audit trail for the assumed role but with the identity of the real user as well as providing an additional layer of security.


To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.