Very recently , for audit purpose , we want to avoid generic users like "oracle" for login to our Database Server.
So we create a sudo user "db_user".
But while running sqlplus , we want to switch to user "oracle" and execute it .
Here we dont want to give , password of oracle , rather than ,we need to give sudo password ( which is "db_user" password. )
You will need something in sudo. If not it, then what?
But you can configure sudo to only allow specific users, like db_user, to switch to oracle. You do not need to hand your system a security blank cheque.
Do you mean a sudo user db_user, or a pseudo-user? The former has rules to execute commands with privileges of another account, where the latter is a pretend or non-personal account.
I'm just confused
If you want to login as db_user, but then get it to run commands as oracle, you will need to write a sudo rule to allow that.
It could require the db_user password or no password, but all actions will be attributed to the account db_user.
Would it not be better to have people use a personal account and give them the privilege to run the required commands as account oracle instead?
What sort of commands are you wanting to allow it to run? If it is to start/stop the database instance, this can be done during the boot/shutdown automatically which may be better all round.
Hi,
If you want to use all the commands and privileges like oracle --> in sudoers file gives permission for db_user to switch to oracle. You can access with " #sudo su - oracle " which will not ask for password.
If you want to run only specific commands --> then give permission for only that commands in the sudoers file.