Oracle FAQ Your Portal to the Oracle Knowledge Grid


Re: Oracle9i/AIX5.2: multiple sys (sysdba) passwords Question

From: Sybrand Bakker <sybrandb_at_hccnet.nl>
Date: Sun, 11 Jul 2004 11:15:21 +0200
Message-ID: <o212f05dolmvt06lvcv6emg41uu8lbku6s@4ax.com>


On Sun, 11 Jul 2004 08:31:34 GMT, "A. Fuentes" <alvarof2_at_hotmail.com> wrote:

>Fellow Oracle users:
>
>I am running Oracle 9.2.0.2 on AIX 5.2.
>
>I did
>
>rm $ORACLE_HOME/dbs/orapw
>
>Thereafter I did, as the oracle:dba AIX user:
>
>orapwd file=$ORACLE_HOME/dbs/orapw password=changed entries=30
>
>(the orapwd command executed OK, no error returned),
>and I can authenticate not only by running:
>
>sqlplus sys/"changed as sysdba"
>
>but with some other passwords.
>
>How is this possible? Shouldn't the password "changed" be unique and the
>only one for sys (as sysdba)?
>
>Any light on this issue will be greatly appreciated.
>
>
>Best,
>
>A. Fuentes
>512-297-9937
>
>

If you are on the server doing this and the Oracle files you installed are owned by the Unix group dba, yes: you can use anything to connect, by design. On Unix platforms all users in the dba group have SYSDBA privilege, by design.
Right now, you have several options:

- Make sure the Oracle password can't be guessed
- Remove all other users from the dba group
- If you still think there are people who will misuse the Oracle
account, make sure they are fired.

And of course, this is documented in the installation manual no one cares to read.

--
Sybrand Bakker, Senior Oracle DBA
Received on Sun Jul 11 2004 - 04:15:21 CDT
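
An audit of who actually holds dba group membership, as an added example that is not part of the original post. The function names are hypothetical, the group name `dba` is taken from the reply above, and the group and passwd files are assumed to be in the usual colon-separated format; they are passed as arguments so the check can run against copies.

```shell
#!/bin/sh
# dba_members GROUP_FILE PASSWD_FILE [GROUP_NAME]
# Prints, sorted and one per line, every account that belongs to the group
# as a supplementary member (group file, field 4) or through its primary
# GID (passwd file, field 4). Hypothetical helper, not an Oracle tool.
dba_members() {
    group_file=$1
    passwd_file=$2
    group_name=${3:-dba}

    # Resolve the numeric GID of the group.
    gid=$(awk -F: -v g="$group_name" '$1 == g { print $3; exit }' "$group_file")
    if [ -z "$gid" ]; then
        echo "group $group_name not found in $group_file" >&2
        return 1
    fi

    {
        # Supplementary members: comma-separated list in field 4.
        awk -F: -v g="$group_name" '$1 == g {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' "$group_file"
        # Accounts whose primary group is this GID; these do not appear
        # in the member list and are easy to overlook.
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_file"
    } | sort -u
}

# unexpected_dba_members GROUP_FILE PASSWD_FILE ALLOWED_USER...
# Prints dba members that are not on the allow-list given as arguments.
unexpected_dba_members() {
    group_file=$1; passwd_file=$2; shift 2
    allowed=" $* "
    dba_members "$group_file" "$passwd_file" dba | while read -r user; do
        case "$allowed" in
            *" $user "*) ;;          # expected member
            *) echo "$user" ;;       # candidate for removal from the group
        esac
    done
}

# Typical use on the database server:
#   unexpected_dba_members /etc/group /etc/passwd oracle
```

Accounts resolved through a directory service such as NIS or LDAP are not in the local files and need a separate check.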
