From: "Zeng, Lei"
To: oracle-l@freelists.org
Subject: RE: Connecting as sysdba
Date: Wed, 16 Jun 2004 12:07:30 -0400

Is your database using OS authentication?
When a member of Unix 'dba' group logged in, could you try 'show user' command in sqlplus to see what is showing up?
If it shows as 'sys', it is automatically granted sysdba.

Lei

_____

From: Catherine LeBlanc [mailto:cleblan2@abacus.bates.edu]
Sent: Tuesday, June 15, 2004 8:22 PM
To: oracle-l@freelists.org
Subject: RE: Connecting as sysdba

I believe you do not need to have sysdba granted explicitly to a user if they are logged into the database server as a UNIX user that is a member of UNIX dba (sysdba) group. In this case you can connect as sysdba even if your oracle user account doesn't show up in v$pwfile_users. I have tested this because I have a similar problem in that I want to prevent programmers logged into our UNIX application software owner account from connecting as sysdba. I have not figured out how to do this, and I cannot easily change the application software owner account. Ideas anyone?

Catherine LeBlanc

At 01:00 PM 6/1/2004, Zeng, Lei wrote:

To my knowledge, for a user account to be able to 'connect as sysdba', it needs to be granted 'SYSDBA' privilege (use 'GRANT SYSDBA to USER' command). To check which user account is currently having SYSDBA privilege, query table v$PWFILE_USERS.

Lei

-----Original Message-----
From: syed jaffar hussain [mailto:sjaffarhussain@hotmail.com]
Sent: Sunday, May 30, 2004 9:57 AM
To: oracle-l@freelists.org
Subject: Connecting as sysdba

Hello list,

I have noticed one thing, when I log on to my UNIX as oracle user, I am able to connect to the database as sysdba from any database user.

    sqlplus /nolog
    connect user_1/password as sysdba;

I want to prevent all DB users, except sys, to connect as sysdba. How can I do it? I tried to change the remote_login_passwordfile values but in vain.

Is this expected behaviour or do I have to change anything in the init.ora file?

Regds
Jaffar

----------------------------------------------------------------
Please see the official ORACLE-L FAQ: http://www.orafaq.com
----------------------------------------------------------------
To unsubscribe send email to: oracle-l-request@freelists.org
put 'unsubscribe' in the subject line.
--
Archives are at http://www.freelists.org/archives/oracle-l/
FAQ is at http://www.freelists.org/help/fom-serve/cache/1.html
-----------------------------------------------------------------
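
As an added example (not part of the thread and not Oracle tooling): a shell audit of which OS accounts can take the OS-authenticated SYSDBA path discussed above, resolving both supplementary and primary membership of the OSDBA group. The group name `dba`, the approved-account list, and the sample passwd/group files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: enumerate OS accounts in the OSDBA group ("dba" assumed).

# osdba_members GROUP PASSWD_FILE GROUP_FILE
# Prints accounts that hold GROUP as a supplementary group (group file,
# field 4) or as their primary group (passwd file, field 4).
osdba_members() {
    gid=$(awk -F: -v g="$1" '$1 == g { print $3; exit }' "$3")
    [ -n "$gid" ] || return 1    # group not defined in this group file
    {
        awk -F: -v g="$1" '$1 == g {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' "$3"
        awk -F: -v id="$gid" '$4 == id { print $1 }' "$2"
    } | sort -u
}

# unexpected_osdba ALLOWED GROUP PASSWD_FILE GROUP_FILE
# ALLOWED is a space-separated list of accounts approved for SYSDBA access.
unexpected_osdba() {
    for u in $(osdba_members "$2" "$3" "$4"); do
        case " $1 " in
            *" $u "*) ;;          # approved account, nothing to report
            *) echo "$u" ;;       # in the group but not approved
        esac
    done
}

# Constructed sample files (not from the thread): appowner is a
# supplementary member of dba, oracle has dba as its primary group.
sample=$(mktemp -d)
cat > "$sample/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
oracle:x:500:501:Oracle owner:/home/oracle:/bin/sh
appowner:x:510:520:Application owner:/home/appowner:/bin/sh
dev1:x:511:520:Programmer:/home/dev1:/bin/sh
EOF
cat > "$sample/group" <<'EOF'
root:x:0:
dba:x:501:appowner
apps:x:520:dev1
EOF

echo "OSDBA members: $(osdba_members dba "$sample/passwd" "$sample/group" | tr '\n' ' ')"
echo "Not approved:  $(unexpected_osdba "oracle" dba "$sample/passwd" "$sample/group")"
```

On a real host, pass `/etc/passwd` and `/etc/group` (or the output of `getent passwd` and `getent group` saved to files when accounts come from a directory service) in place of the sample files.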