| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> Re: How to keep "root" out?
Sadly for you there is no way to stop them using it, you could check and
see of root is part of the dba group and have a sysadmin remove it.
and if you succeed then they need only to su - oracle and they can still
do it, this may then if configured show up in a su log.
I think you need to firstly discuss it with them and then if the response is unsuitable you need to document the facts and present it to your manager for him to determine what is acceptable.
Tough one to call
Cheers
--Received on Thu Aug 28 2003 - 11:09:48 CDT
=================================================
Peter McLarty E-mail: Peter.Mclarty_at_mincom.com Technical Consultant WWW: http://www.mincom.com APAC Technical Services Phone: +61 (0)7 3303 3461 Brisbane, Australia Mobile: +61 (0)402 094 238 Facsimile: +61 (0)7 3303 3048
=================================================
"If people did not sometimes do silly things, nothing intelligent would ever get done." - Ludwig Wittgenstein
=================================================
Mincom "The People, The Experience, The Vision"
=================================================
This transmission is for the intended addressee only and is confidential information. If you have received this transmission in error, please delete it and notify the sender. The contents of this e-mail are the opinion of the writer only and are not endorsed by the Mincom Group of companies unless expressly stated otherwise. Walter K <ora1034_at_sbcglobal.net> Sent by: ml-errors_at_fatcity.com 29/08/2003 01:34 AM Please respond to ORACLE-L To: Multiple recipients of list ORACLE-L <ORACLE-L_at_fatcity.com> cc: Subject: How to keep "root" out? Just for grins, I'll ask this question... Is there any way to keep the Unix "root" user from logging into the database (i.e. connect internal or / as sysdba)? Currently using 8.1.7.4 on Solaris 8 here. We have a couple people in our Unix admin group that feel the need to "help" by writing their own DB monitoring scripts. Of course, they don't know what they're talking about. They do not have formal logins for the database, but since they are root users they are connecting via "connect internal". This is not only counterproductive but actually a potential security issue--just because someone has root doesn't necessarily entitle them to see the data in the database. What if it is a payroll database? So, I'm curious, is there any way to prevent access via "connect internal" or "/ as sysdba"? Thanks in advance. W -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: INET: Peter.McLarty_at_mincom.com Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
 |
 |