| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> RE: How to keep "root" out?
Read the code again. It checks that the person running .oraenv is root, and
if so, it does the init.
RF
-----Original Message-----
To: Multiple recipients of list ORACLE-L
Sent: 8/28/2003 12:14 PM
but this assumes that oracle owner has privs to run init ... am not sure any root worth hir salt would let this happen.
Raj
-----Original Message-----
Sent: Thursday, August 28, 2003 1:04 PM
To: Multiple recipients of list ORACLE-L
Put the following code snippet
"if [ "$LOGNAME" = "root" ];
then init 0
fi;
in your oraenv. I guarantee you that the SA will no longer be connecting as SYSDBA.
--
Mladen Gogala
Oracle DBA
-----Original Message-----
Walter K
Sent: Thursday, August 28, 2003 11:34 AM
To: Multiple recipients of list ORACLE-L
Just for grins, I'll ask this question... Is there any way to keep the Unix "root" user from logging into the database (i.e. connect internal or / as sysdba)? Currently using 8.1.7.4 on Solaris 8 here.
We have a couple people in our Unix admin group that feel the need to "help" by writing their own DB monitoring scripts. Of course, they don't know what they're talking about. They do not have formal logins for the database, but since they are root users they are connecting via "connect internal". This is not only counterproductive but actually a potential security issue--just because someone has root doesn't necessarily entitle them to see the data in the database. What if it is a payroll database?
So, I'm curious, is there any way to prevent access via "connect internal" or "/ as sysdba"?
Thanks in advance.
W
Note:
This message is for the named person's use only. It may contain
confidential, proprietary or legally privileged information. No
confidentiality or privilege is waived or lost by any mistransmission.
If you receive this message in error, please immediately delete it and
all copies of it from your system, destroy any hard copies of it and
notify the sender. You must not, directly or indirectly, use, disclose,
distribute, print, or copy any part of this message if you are not the
intended recipient. Wang Trading LLC and any of its subsidiaries each
reserve the right to monitor all e-mail communications through its
networks. Any views expressed in this message are those of the
individual sender, except where the message states otherwise and the
sender is authorized to state them to be the views of any such entity.
<<ESPN_Disclaimer.txt>>
--
Please see the official ORACLE-L FAQ: http://www.orafaq.net
--
Author: Freeman Robert - IL
INET: FREEMANR_at_tusc.com
Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting servicesto: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). Received on Thu Aug 28 2003 - 12:24:32 CDT
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
 |
 |