 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
This is standard practice here. It should be done for all system users
("oracle," "postgres," "www-data," etc.) and is considered a good idea.
We do it by setting the account password to disabled. On a conventional
password system (not PAM), you can just set the password field (where the
password hash would normally be stored) to '*' or, alternatively, use
"passwd -l oracle" to guarantee that no password can match the hash.
Since root can su as any user without a password, you can then set up a
sudo rule that allows selected users to become "oracle."
-- Mike
On 2000-05-08 at 12:02 -0400, John Abreau wrote:
> I've gotten a request from our DBA to modify the oracle login account so
> that users cannot login to it and must use "su" to access it. Is this
> doable without a lot of pain? What are the common ways of accomplishing
> this?
-
Subcription/unsubscription/info requests: send e-mail with
"subscribe", "unsubscribe", or "info" on the first line of the
message body to discuss-request at blu.org (Subject line is ignored).
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
