Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: Locking the SYS account.

RE: Locking the SYS account.

From: Polarski, Bernard <Bernard.Polarski_at_atosorigin.com>
Date: Wed, 3 Jan 2007 09:40:50 +0100
Message-ID: <25D4919915CCF742A88EE3366D6D913D1134F000@mailserver1> 





I don't think you can really lock or prevent the user sys to connect
into a DB:

 



http://www.lc.leidenuniv.nl/awcourse/oracle/server.920/a96524/c23acces.h
tm

 



as long as it is in the OS group dba, it will be able to connect into
the DB regardless of the lock, expire setting.

 



SQL> alter user sys account lock ;



User altered.



SQL> exit



[I changed my ORACLE_SID to  another DB to force use of listener and
remote login]



sqlplus 'sys/sys_at_asdb as sysdba'

 



SQL*Plus: Release 10.1.0.4.0 - Production on Wed Jan 3 09:30:27 2007

 



Copyright (c) 1982, 2005, Oracle.  All rights reserved.

 



Connected to:



Oracle Database 10g Enterprise Edition Release 10.1.0.4.0 - Production



With the Partitioning, OLAP and Data Mining options

 



SQL> select ACCOUNT_STATUS from dba_users where username = 'SYS' ;



ACCOUNT_STATUS







LOCKED


 

 

bp

 



From: Denham Eva [mailto:DEVA_at_mf.co.za] 
Sent: woensdag 3 januari 2007 9:19


To: oracle-l_at_freelists.org


Subject: Locking the SYS account.

 



This email is subject to Terms and Conditions as found in our Email
Legal Notice which forms part of this email message in terms of section
11 of the Electronic Communications and Transaction Act 25 of 2002.
Please click on http://www.mf.co.za/content/EMAIL_Legal_Notice.asp
<http://www.mf.co.za/content/EMAIL_Legal_Notice.asp>  , or send a blank
email to disclaim_at_mf.co.za <mailto:disclaim_at_mf.co.za> . By receiving,
reading or acting upon this email you will automatically be bound by the
terms of the  Email Legal Notice.



Mutual & Federal Insurance Company Limited



Authorised Financial Services Provider

 






Hi,

 



I am being pressured into changing users on some oracle servers with
regards to DBA accounts.



The client wants all these accounts to expire and some commonly known
accounts to be locked.



I have not yet tried to experiment with this and would like to know from
the community before actually trying this.

 



What if any are the implications of locking the SYS account?

 



TIA


Denham 



--
http://www.freelists.org/webpage/oracle-l


Received on Wed Jan 03 2007 - 02:40:50 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US