Re: Oracle9i/AIX5.2: multiple sys (sysdba) passwords Question

From: Alvaro Fuentes <alvarof2_at_hotmail.com>
Date: Sun, 11 Jul 2004 13:35:18 -0500
Message-ID: <ccs0ru$dh4$1@ausnews.austin.ibm.com>

Sybrand Bakker wrote:

> On Sun, 11 Jul 2004 08:31:34 GMT, "A. Fuentes" <alvarof2_at_hotmail.com>
> wrote:
> 
> 

>>Fellow Oracle users:
>>
>>I am running Oracle 9.2.0.2 on AIX 5.2.
>>
>>I did
>>
>>rm $ORACLE_HOME/dbs/orapw
>>
>>Thereafter I did, as the oracle:dba AIX user:
>>
>>orapwd file=$ORACLE_HOME/dbs/orapw password=changed entries=30
>>
>>(the orapwd command executed OK, no error returned),
>>and I can authenticate not only by running:
>>
>>sqlplus sys/"changed as sysdba"
>>
>>but with some other passwords.
>>
>>How is this possible? (Shouldn't the password "changed" be unique and the
>>only one for sys (as sysdba)?
>>
>>Any light on this issue will be greatly appreciated.
>>
>>
>>Best,
>>
>>A. Fuentes
>>512-297-9937
>>
>>

> 
> If you are on the server doing this and you installed the Oracle files
> are owned by the Unix group  dba, yes: you can use anything to
> connect, by design. On Unix platforms all users in the dba group have
> SYSDBA privilege, by design.
> Right now, you have several options:
> - Make sure the Oracle password can't be guessed
> - Remove all other users from the dba group
> - If you still think there are people who will misuse the Oracle
> account, make sure they are fired.
> 
> And of course, this is documented in the installation manual no one
> cares to read.
> 
> 
> --
> Sybrand Bakker, Senior Oracle DBA

But in this situation, is NOT that several users in the dba group can connect as sysdba. Oracle is the ONLY user in the dba group and SYS is the ONLY user with SYSDBA grant.

This situation refers to SYS as SYSDBA being able to use other password different that the one set by the command orapwd.

Again any light on this issue greatly appreciated.

1. Fuentes 512-297-9937

Received on Sun Jul 11 2004 - 13:35:18 CDT