Security vs. DB


 
# 1  
Old 09-28-2002
Security vs. DB

Hi all,
In order to allow only a set of users to telnet into the system I have placed the following code in /etc/profile

************************
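# Login name reported for the current terminal session
istelnetuser=`who am i | awk '{print $1}'`
# -x matches whole lines only, so "ora" does not match an "oracle" entry
flag=`grep -x "$istelnetuser" /etc/telnet_users`
# admin is always allowed; everyone else must be listed in the file
if [ "$istelnetuser" != admin ]
then
    if [ -z "$flag" ]
    then
        echo "You are not allowed to login"
        exit
    fi
fi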
****************************
where telnet_users is a file that contains all the users that can telnet the system. However, for security reasons root, oracle are not included in this file (i.e., they can not login directly). The problem is that when we reboot the system we want Oracle DB to start up. However, it fails due to not including oracle user in telnet users.
Any help that can achieve both the security and oracle startup goals.

Thanks
Regards
# 2  
Old 09-30-2002
A couple of things come to mind but how are you doing this as far as startup? Is root running the startup script and doing a su - to the oracle user? I didn't notice a problem with su - user when the code was in /etc/profile.

Anyway, you could check to see if a terminal (pseudo, virtual, physical) was associated with the process and then check your file of authorized users. This should allow startup to have no problems.

Or, you could change startup to move a 'startup only' telnet_users file which allowed oracle account access to start the processes, and then moves that file and replaces it with the original once Oracle is started.

I'm sure there are more ways and will allow some others to voice their opinions.

One other thing - if you are concerned with security, why do you let anyone telnet? You should use ssh, IMHO.
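
The terminal check suggested in reply #2, sketched as an added example (not code from any poster in this thread). The function names and the ALLOW_FILE variable are assumptions; the file path and the admin exemption come from the first post.

```shell
# Added example: hypothetical helpers for /etc/profile.
# ALLOW_FILE and all function names are assumptions, not from the thread.
ALLOW_FILE=${ALLOW_FILE:-/etc/telnet_users}

# True when the name appears as a whole line in the allow list.
# -F treats the name as a fixed string, -x requires a full-line match.
is_listed() {
    [ -n "$1" ] && [ -r "$ALLOW_FILE" ] && grep -Fqx -- "$1" "$ALLOW_FILE"
}

# Decide whether a login shell may continue.
#   $1 = user name
#   $2 = "tty" when a terminal is attached, anything else otherwise
# Returns 0 to allow, 1 to deny.
login_allowed() {
    # No terminal: boot scripts or cron running "su - oracle -c ...".
    # Nobody is logging in interactively, so skip the allow-list check.
    [ "$2" = tty ] || return 0
    # admin is exempt, as in the original snippet.
    [ "$1" = admin ] && return 0
    is_listed "$1"
}

# Wrapper for /etc/profile: tty -s succeeds only when stdin is a terminal.
profile_gate() {
    tty -s || return 0
    login_allowed "`who am i | awk '{print $1}'`" tty
}

# In /etc/profile:
#   profile_gate || { echo "You are not allowed to login"; exit; }
```

With no terminal attached the check is skipped, so a boot-time `su - oracle` can start the database without oracle ever being written into the allow list.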
# 3  
Old 10-01-2002
Hi,
thank you very much...
I have added the user oracle to /etc/telnet_users in the script that starts Oracle and after starting oracle (at the end of the script) I remove the oracle user from the file and it works!