Individual usernames for the same login account


 
Thread Tools Search this Thread
Operating Systems Solaris Individual usernames for the same login account
# 8  
Old 08-12-2014
to audit activity, dont know but you can use something like this in that particular .profile:
Code:
# Set history on:
  HISTFILE=$HOME/.history_of.$LOGNAME.$$
  export HISTFILE

Either you take of $$ and have a history per user or use $$ to have a session history, but that means maybe a lot of tidying up on very regular basis

Last edited by vbe; 08-12-2014 at 09:00 AM..
# 9  
Old 09-13-2014
Linux

The best way to handle this kind of situation is to implement SUDO or RBAC.

RBAC will need a considerable effort and study though i have not seen/worked on any RBAC implementations.

SUDO is the easiest of all and the logging can be customized and routed to a separate log file. sufficient restrictions can be built into the configurations too.

Providing a application account password to a multiple users is the most dangerous way of giving access. if one user is to be removed access then you would have to reset password and provide the new one to every other user.

Implementing these king of restrictions is easy with SUDO/RBAC.

Since the post is old, hope you might have found a way already.

Good Luck ! Smilie
# 10  
Old 09-14-2014
Quote:
Originally Posted by masy
RBAC will need a considerable effort and study
...
Implementing these king of restrictions is easy with SUDO/RBAC.
Aren't you self contradicting with both of these statements?

---------- Post updated at 11:03 ---------- Previous update was at 10:40 ----------

Quote:
Originally Posted by fretagi
There is an application installed on a server, that has a unique login account, but many users are using it with the same login name! How can we overcame this by creating individual accounts for the same application login account?
There are several ways to allow different Solaris users to run your application with the shared login account. However, there would be no simple way, if any, to sort out who did what using the application unless the application logs record a session id for each event.

In the worst case scenario, i.e. two users login in and lauching the application at the very same time, you won't be able to sort them out.

As for how to do it, RBAC and sudo have already be suggested, which one to pick will beyond other factors depend on what Solaris release you are using (10 or 11).
# 11  
Old 09-15-2014
Can you describe what the users sees/does after the login? Are they locked in to the application or dropped to the command line?

If the application absolutely has to run as that user, then I'd be very tempted to set up individual accounts with a common group give them all a sudo privilege (by OS group) to allow them to all execute the specific command:-
Code:
sudo su - appl_id -c "/path/to/application parm1 parm2 ...."

I think you would add something like this with visudo:-
Code:
%user_group ALL=(root) NOPASSWD: su - appl_id -c "/path/to/application parm1 parm2 ...."

You can them script a simple startup script, a simple menu or force them all to run this at login so they are help within the application. Logging within the application is another matter though, but who am i will give you the real logged in user account. Don't be confused with whoami though. This may just give you the current process owner, in this case the application account.



Robin
# 12  
Old 09-15-2014
Beware that sudo is not part of a standard Solaris 10 (and older) installation so it might not be available on your system. On the other hand, RBAC is standard so here is the RBAC way to implement a similar feature:

- add the following line to /etc/security/prof_attr
Code:
MyApplication:::Allows multiple users to run my application:

- these ones to /etc/user_attr
Code:
testuser1::::profiles=MyApplication
testuser2::::profiles=MyApplication

- and finally, that one to /etc/security/exec_attr
Code:
MyApplication:suser:cmd:::/path/to/application:uid=appl_id;egid=appl_id

With these settings, both testuser1 and testuser2 will be able to run the "application" command as appl_id with this command:
Code:
$ pfexec /path/to/application

These 2 Users Gave Thanks to jlliagre For This Post:
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. UNIX for Beginners Questions & Answers

Understanding the difference between individual BASH login scripts

Hello... and thanks in advance for reading this or offering me any assistance I'm trying to understand specific differences between the various login scripts... I understand the differences between interactive vs non-interactive and login vs non-login shells... and that's not where my question... (4 Replies)
Discussion started by: bodisha
4 Replies

2. Forum Support Area for Unregistered Users & Account Problems

I cannot login to my account

my username is coolatt..thanks to do needful. (3 Replies)
Discussion started by: coolatt
3 Replies

3. AIX

User Account Login Login on your AIX server

I want to learn AIX. I would like to find someone who would be willing to give me a login to their AIX home lab server. My intent is to poke around and discover the similarities and differences of AIX compared to other *NIXs. I am a UNIX admin so I can think of what some immediate concerns may... (1 Reply)
Discussion started by: perl_in_my_shel
1 Replies

4. AIX

AIX: Could not login using NIS Account?

Hi there, I am new to AIX environment, when I set up NIS Client for an AIX 5.3 Machine to connect to a Linux NIS Master, everything seems to be okie: /etc/passwd: +::0:0::: /etc/group: +: ps -ef | egrep "ypbind": /usr/lib/netsvc/yp/ypbind -ypsetme -ypsetme I can get all account... (0 Replies)
Discussion started by: quanba
0 Replies

5. UNIX for Dummies Questions & Answers

User account with no login shell

Hi All, I was reading a tutorial for Installing Tomcat on Linux machine. (http://www.puschitz.com/InstallingTomcat.html) Here the author had mentioned that: For security reasons I created a user account with no login shell for running the Tomcat server. My question is: 1. What is a User... (6 Replies)
Discussion started by: jw_amp
6 Replies

6. Linux

How to find remote Linux box login account without login in to that box?

Hi, How to find remote Linux box login account without login in to that box? I don't have login account at my remote Linux box. But I need who are all having login account. How do I findout? Thanks, --Muthu. (3 Replies)
Discussion started by: Muthuselvan
3 Replies

7. Post Here to Contact Site Administrators and Moderators

Can't login to my account

Moderator, I had to create a new user acct because my old one does not work. It will not allow me to login because of permissions problems. Can you please re-activate my old user id: gzs553 I think the email address for my old account is *****removed***** and once you reset my account,... (0 Replies)
Discussion started by: kflanigan
0 Replies

8. UNIX Desktop Questions & Answers

Does this forum offer a unix login account

How do you access a terminal and create a Unix user account. I am new to this form, so, is there a way to log on to a unix account that this forum offers to practice Unix. Is there a server available (somewhere) to users of this forum to access unix? So far the research I have found refers a person... (2 Replies)
Discussion started by: brendar
2 Replies

9. UNIX for Dummies Questions & Answers

Setting an account to be a non-login account automatically?

Is there a way to easily change an account to be a non login account (NP in the shadow) file? I know I can just edit the file but that is not what we want to do. We use access control software and want to provide a way to set an account to be non-login using simple commands that can be mapped... (0 Replies)
Discussion started by: LordJezo
0 Replies

10. HP-UX

heads up unable tp login using ordinary account

Hi Mentors, I have a unix box HPC8000 HPUX 11.11 had just a problem loging in on CDE using ordinary account. The problem looks like this when an ordinary account will login to it will automatically closed and the login promtp will appear. If the root will login no problem at all. I tried... (0 Replies)
Discussion started by: eykyn17
0 Replies
Login or Register to Ask a Question