Oracle FAQ | Your Portal to the Oracle Knowledge Grid |
Home -> Community -> Usenet -> c.d.o.server -> Re: Prevent Root access from database
Billy wrote:
> PhilB wrote:
>
>>Weve got a new security drive underway in our organisation, one of the >>concerns that was raised was that access to the database on our unix >>server should be prevented from the root user. I'm preparing to put >>the argument that the root user is the system admin and as a result can >>do anything, e.g "su" to oracle user account and gain access via a >>"connect / as sysdba" (even if we remove sysdba, surely root can put it >>back !) Is this correct , anyone got any experience of preventing root >>users getting into the database to see the data ?.
I understand your sentiment but it is no longer reasonable in the US and some other countries to take that approach.
If root can access the database, without auditing, then you have a clear cut violation of United States Federal law.
You may not like the law ... but the chance of you changing it are a very small finite number that looks alot like a zero.
-- Daniel A. Morgan http://www.psoug.org damorgan_at_x.washington.edu (replace x with u to respond)Received on Thu Jul 28 2005 - 02:51:25 CDT