[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[no subject]
- <!--x-content-type: text/plain --> "http://www.w3.org/TR/html4/loose.dtd">
- <!--x-date: Sun May 23 01:20:04 2004 -->
- <!--x-from-r13: gubznfjbbq ng znp.pbz (Fubznf Ibbq) -->
- <!--x-message-id: 766C5F28-AC78-11D8-AB5A-[email protected] -->
- <!--x-subject: [ale] Access Control Challenge -->
- <li><em>date</em>: Sun May 23 01:20:04 2004</li>
- <li><em>from</em>: thomaswood at mac.com (Thomas Wood)</li>
- <li><em>subject</em>: [ale] Access Control Challenge</li>
I'm trying to enforce a little developer control by using sudo to limit
who can be root and oracle. I've created groups in my sudoers file
such that I can become root and the DBAs can become oracle (and root
for some commands like mount/unmounts) but I need to prevent anybody
from logging in as Oracle directly. In other words, SUDO ONLY. The
easiest way for me to do this is change the oracle user password. Has
anyone else found a more elegant solution? I'd really like to keep my
DBAs in the loop, password-wise, but they don't need the password and I
think I can prevent them from changing it.
Any thoughts? And no, tcp wrappers doesn't let you filter by username.
Oh that it did. Also, I'm trying to avoid installing a firewall on my
DB, so please, no filter rulesets.
enjoy,
wood
</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<ul><li><strong>Follow-Ups</strong>:
<ul>
<li><strong><a name="00962" href="msg00962.html">[ale] Access Control Challenge</a></strong>
<ul><li><em>From:</em> danscox at mindspring.com (Danny Cox)</li></ul></li>
<li><strong><a name="00972" href="msg00972.html">[ale] Access Control Challenge</a></strong>
<ul><li><em>From:</em> dhurst at kennesaw.edu (Dow Hurst)</li></ul></li>
</ul></li></ul>
<!--X-Follow-Ups-End-->
<!--X-References-->
<!--X-References-End-->
<!--X-BotPNI-->
<ul>
<li>Prev by Date:
<strong><a href="msg00899.html">[ale] Seth Nickell - Design Fu : mono</a></strong>
</li>
<li>Next by Date:
<strong><a href="msg00901.html">[ale] HP2100TN + CUPS</a></strong>
</li>
<li>Previous by thread:
<strong><a href="msg00911.html">[ale] HP2100TN + CUPS</a></strong>
</li>
<li>Next by thread:
<strong><a href="msg00962.html">[ale] Access Control Challenge</a></strong>
</li>
<li>Index(es):
<ul>
<li><a href="maillist.html#00900"><strong>Date</strong></a></li>
<li><a href="threads.html#00900"><strong>Thread</strong></a></li>
</ul>
</li>
</ul>
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>