Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: restrict sysdba access

Re: restrict sysdba access

From: Howard J. Rogers <howardjr2000_at_yahoo.com.au>
Date: Sat, 10 Aug 2002 09:57:22 +1000
Message-ID: <3d5456b1@dnews.tpgi.com.au> 





I hate to say 'asked and aswered almost daily', but it is. In fact, this one
cropped up just three or so days ago.



You (and everyone else) really *ought* to know about the Google groups
search (www.google.com) if you don't already know about it. You'd find
answers there quicker on practically every subject under the sun.



Anyway: the cause of your 'problem' is that you have enabled O/S
authentication of privileged users. That means whichever user account you
are using to log on to the operating system hosting the Oracle database (and
you didn't specify whether you are using Unix or Windows, which you should
get into the habit of doing with every post you make) has been made a member
of a key O/S group.



Membership of that group grants the O/S user full access to the database
when the 'as sysdba' privilege is requested, without further challenge
(after all, you've proved who you are to the O/S, merely by logging in... so
why should Oracle challenge you further?). If you are a member of this
group, you could type 'connect jkfhsdjfhk/jhfgiwuhrkjfhksj as sysdba', and
you'd still be allowed to connect to the database... what you type as the
connect string is entirely and utterly ignored.



The groups concerned are 'dba' if you are on Unix, or ORA_DBA if you're on
Windows. (There can also be an ORA_sid_DBA group on Windows).



Remove your user account from one or other of these groups, and Oracle will
revert to using password file authentication for privileged users -which
means you'll have to supply precisely the correct password before admittance
to the database is allowed.



Regards


HJR



"toot" <toot_toot3_at_excite.com> wrote in message
news:MPG.17be12369753e6f0989681_at_news.rdu.bellsouth.net...


> I'm using Oracle 8.1.6

> I just did a fresh installation and created new database.

> I changed sys and system passwords and created a new user (newbduser).

>

> My problem is that if try to login as user "sys", "system", or

> "newdbuser" as SYSDBA. Put in an incorrect password. You will be given

> acess to the database.

>

> This does not work when trying to log in as NORMAL or SYSOPER.

>

> Any idea on what could be wrong??

>

> Thanks in advance,

> toot

>

Received on Fri Aug 09 2002 - 18:57:22 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US