[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[no subject]
- <!--x-content-type: text/plain -->
- <!--x-date: Tue May 25 10:25:58 2004 -->
- <!--x-from-r13: quhefg ng xraarfnj.rqh (Rbj Vhefg) -->
- <!--x-message-id: [email protected] -->
- <!--x-reference: 766C5F28-AC78-11D8-AB5A-[email protected] --> "http://www.w3.org/TR/html4/loose.dtd">
- <!--x-subject: [ale] Access Control Challenge -->
- <li><em>date</em>: Tue May 25 10:25:58 2004</li>
- <li><em>from</em>: dhurst at kennesaw.edu (Dow Hurst)</li>
- <li><em>in-reply-to</em>: <<a href="msg00900.html">[email protected]</a>></li>
- <li><em>references</em>: <<a href="msg00900.html">[email protected]</a>></li>
- <li><em>subject</em>: [ale] Access Control Challenge</li>
Thomas Wood wrote:
> Having a bit of trouble coming up with a clean solution for this problem
> at work. Wanted to see if anybody else had bumped into it. I've
> already searched google and the answers, such as they were, aren't
> satisfactory. So here it is.
>
> I'm trying to enforce a little developer control by using sudo to limit
> who can be root and oracle. I've created groups in my sudoers file such
> that I can become root and the DBAs can become oracle (and root for some
> commands like mount/unmounts) but I need to prevent anybody from logging
> in as Oracle directly. In other words, SUDO ONLY. The easiest way for
> me to do this is change the oracle user password. Has anyone else found
> a more elegant solution? I'd really like to keep my DBAs in the loop,
> password-wise, but they don't need the password and I think I can
> prevent them from changing it.
>
> Any thoughts? And no, tcp wrappers doesn't let you filter by username.
> Oh that it did. Also, I'm trying to avoid installing a firewall on my
> DB, so please, no filter rulesets.
>
> enjoy,
> wood
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> <a rel="nofollow" href="http://www.ale.org/mailman/listinfo/ale";>http://www.ale.org/mailman/listinfo/ale</a>
>
--
__________________________________________________________
Dow Hurst Office: 770-499-3428 *
Systems Support Specialist Fax: 770-423-6744 *
1000 Chastain Rd. Bldg. 12 *
Chemistry Department SC428 Email: dhurst at kennesaw.edu *
Kennesaw State University Dow.Hurst at mindspring.com *
Kennesaw, GA 30144 *
************************************************************
This message (including any attachments) contains *
confidential information intended for a specific individual*
and purpose, and is protected by law. If you are not the *
intended recipient, you should delete this message and are *
hereby notified that any disclosure, copying, distribution *
of this message, or the taking of any action based on it, *
is strictly prohibited. *
************************************************************
</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00900" href="msg00900.html">[ale] Access Control Challenge</a></strong>
<ul><li><em>From:</em> thomaswood at mac.com (Thomas Wood)</li></ul></li>
</ul></li></ul>
<!--X-References-End-->
<!--X-BotPNI-->
<ul>
<li>Prev by Date:
<strong><a href="msg00971.html">[ale] Access Control Challenge</a></strong>
</li>
<li>Next by Date:
<strong><a href="msg00973.html">[ale] "Hardware" modem</a></strong>
</li>
<li>Previous by thread:
<strong><a href="msg00997.html">[ale] Access Control Challenge</a></strong>
</li>
<li>Next by thread:
<strong><a href="msg00971.html">[ale] Access Control Challenge</a></strong>
</li>
<li>Index(es):
<ul>
<li><a href="maillist.html#00972"><strong>Date</strong></a></li>
<li><a href="threads.html#00972"><strong>Thread</strong></a></li>
</ul>
</li>
</ul>
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>