How to restrict logins to "su" only for a given account

(Doc ID 1003222.1)

Last updated on JULY 29, 2016

Applies to:

Solaris Operating System - Version 8 6/00 U1 and later
All Platforms

Goal

Site security policies often require that certain login accounts not be accessed directly from a terminal or by remote login; instead, a user must first log in as themselves and then use the "su" command to become that other user. This provides an enhanced audit trail, because the BSM audit ID does not change when su is executed: actions taken in the assumed role are still recorded with the identity of the real user. It also provides an additional layer of security.

Solution
