| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> RE: How to keep "root" out?
Wouldn't work if oraenv is run after an su to oracle. ;)
Quoting Freeman Robert - IL <FREEMANR_at_tusc.com>:
> Read the code again. It checks that the person running .oraenv is root, and
> if so, it does the init.
>
> RF
>
> -----Original Message-----
> To: Multiple recipients of list ORACLE-L
> Sent: 8/28/2003 12:14 PM
>
> but this assumes that oracle owner has privs to run init ... am not sure
> any root worth hir salt would let this happen.
>
> Raj
> ------------------------------------------------------------------------
> --------
> Rajendra dot Jamadagni at nospamespn dot com
> All Views expressed in this email are strictly personal.
> QOTD: Any clod can have facts, having an opinion is an art !
>
> -----Original Message-----
> Sent: Thursday, August 28, 2003 1:04 PM
> To: Multiple recipients of list ORACLE-L
>
>
> Put the following code snippet
>
> "if [ "$LOGNAME" = "root" ];
> then init 0
> fi;
>
> in your oraenv. I guarantee you that the SA will no longer be connecting
> as SYSDBA.
>
>
> --
> Mladen Gogala
> Oracle DBA
>
>
> -----Original Message-----
> Walter K
> Sent: Thursday, August 28, 2003 11:34 AM
> To: Multiple recipients of list ORACLE-L
>
>
> Just for grins, I'll ask this question... Is there any way to keep the
> Unix "root" user from logging into the database (i.e. connect internal
> or / as sysdba)? Currently using 8.1.7.4 on Solaris 8 here.
>
> We have a couple people in our Unix admin group that feel the need to
> "help" by writing their own DB monitoring scripts. Of course, they don't
> know what they're talking about. They do not have formal logins for the
> database, but since they are root users they are connecting via "connect
> internal". This is not only counterproductive but actually a potential
> security issue--just because someone has root doesn't necessarily
> entitle them to see the data in the database. What if it is a payroll
> database?
>
> So, I'm curious, is there any way to prevent access via "connect
> internal" or "/ as sysdba"?
>
> Thanks in advance.
>
> W
>
>
> Note:
> This message is for the named person's use only. It may contain
> confidential, proprietary or legally privileged information. No
> confidentiality or privilege is waived or lost by any mistransmission.
> If you receive this message in error, please immediately delete it and
> all copies of it from your system, destroy any hard copies of it and
> notify the sender. You must not, directly or indirectly, use, disclose,
> distribute, print, or copy any part of this message if you are not the
> intended recipient. Wang Trading LLC and any of its subsidiaries each
> reserve the right to monitor all e-mail communications through its
> networks. Any views expressed in this message are those of the
> individual sender, except where the message states otherwise and the
> sender is authorized to state them to be the views of any such entity.
>
>
>
> <<ESPN_Disclaimer.txt>>
> --
> Please see the official ORACLE-L FAQ: http://www.orafaq.net
> --
> Author: Freeman Robert - IL
> INET: FREEMANR_at_tusc.com
>
> Fat City Network Services -- 858-538-5051 http://www.fatcity.com
> San Diego, California -- Mailing list and web hosting services
> ---------------------------------------------------------------------
> To REMOVE yourself from this mailing list, send an E-Mail message
> to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> the message BODY, include a line containing: UNSUB ORACLE-L
> (or the name of mailing list you want to be removed from). You may
> also send the HELP command for other information (like subscribing).
>
-- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Denny Koovakattu INET: groups_at_koovakattu.com Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).Received on Thu Aug 28 2003 - 12:34:31 CDT
 |
 |