Re: Security Wonks ate my hamster.

From: Hans Forbrich <fuzzy.graybeard_at_gmail.com>
Date: Wed, 23 Mar 2016 07:49:00 -0600
Message-ID: <56F29ECC.1060703_at_gmail.com>



On 23/03/2016 6:54 AM, Howard Latham wrote:
> I am also the Sysadmin! And as I understand it certain things HAVE to
> be done as root.
>

And there are many things being done as root that do not require root.

The same with SYS and SYSTEM. A personal, and non-repudiable, ID with appropriate privileges is generally enough for the vast majority of daily operations.

It can be a good thing to use root only where root is required.

Many, many DBAs do not realize that, on a *nix system, all they require for most SYSDBA operations is to be part of the *nix 'dba' group, with an entry in the orapw file. The oracle user is NOT needed for most daily maintenance operations.

Same goes for root. In many cases, being a member of the 'wheel' group is sufficient. sudo can cover many of the remaining items.

As the book title goes, we've been given "Enough Rope to Shoot Ourselves in the Foot". And we took it - hook, line and sinker. Especially sinker.

/Hans

--
http://www.freelists.org/webpage/oracle-l
Received on Wed Mar 23 2016 - 14:49:00 CET
