Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: Anyway to allow root to 'sqlplus / as sysdba'??

Re: Anyway to allow root to 'sqlplus / as sysdba'??

From: Mark Bole <makbo_at_pacbell.net>
Date: Sun, 27 Nov 2005 21:34:25 GMT
Message-ID: <BDpif.27519$tV6.26017@newssvr27.news.prodigy.net> 





yong321_at_yahoo.com wrote:



> Rhugga wrote:

> 


>>Denying root access was hard-coded in oracle 7.x/8x/9.x but I thought I




> 

> ...

> 

> Can you elaborate a little more? You may have a point but I don't quite

> get it. Where do you see that Oracle 7-9 is hardcoded to deny root

> access and why is raw socket I/O on pty's relevant here? Thanks.




There is nothing hard-coded about root and SYSDBA.  You are simply 
incorrectly using some basic Unix (in my example, RH Linux) functionality.



Note what happens when root has gid=0 and is a member of the dba group:



% id


uid=0(root) gid=0(root) groups=0(root),[...],101(dba)
% sqlplus "/ as sysdba"


SQL*Plus: Release 9.2.0.6.0 - Production on Sun Nov 27 13:18:58 2005
ERROR:



ORA-01031: insufficient privileges



Now note what happens when root has a gid=101(dba).



% newgrp dba	[initiates new login shell]
% id


uid=0(root) gid=101(dba) groups=0(root),[...],101(dba)
% sqlplus "/ as sysdba"


SQL*Plus: Release 9.2.0.6.0 - Production on Sun Nov 27 13:19:24 2005
Connected to an idle instance.



Having demonstrated the possibility, I concur completely with everyone 
else that there should be no legitimate business need to do this.



-Mark Bole
Received on Sun Nov 27 2005 - 15:34:25 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US