Re: DBAs running root.sh

From: Stojan Veselinovski <stojan.veselinovski_at_gmail.com>
Date: Wed, 5 Feb 2014 21:08:27 +1100
Message-ID: <CALn1tDvq7g3HsZJv-=SvEsNzk+wXfj4h1fMeZo=C3NZXBaeu9w_at_mail.gmail.com>

Its an interesting topic and I've had countless hours of discussion with sysadmins about DB servers being managed and run by DBA's.

If we wanted to do serious damage we could., regardless of any root account.

Any compromise like having sudo to commands is only a step away from kicking out to a root shell and away you go.

With the GI stack needing elevated privileges and for most shops its managed and run by DBA's it really does become a bit of a road block.

Patching GI, troubleshooting processes, strace, truss, etc, etc.

Not sure if there is a perfect answer but in my current place we have sudo to commands and root in "some" places and a good relationship with the sysadmins

Stojan
http://www.stojanveselinovski.com/blog

--
http://www.freelists.org/webpage/oracle-l

Received on Wed Feb 05 2014 - 11:08:27 CET

This message: [ Message body ]
Next message: Freek D'Hooge: "request for srvctl output"
Previous message: Nagaraj S: "Re: Compliance Library"
In reply to: Austin Hackett: "DBAs running root.sh"
Next in thread: Luis: "Re: DBAs running root.sh"
Reply: Luis: "Re: DBAs running root.sh"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message