Home » RDBMS Server » Security » Locking the system user id in oracle (11.2.0.2 Linux)
Locking the system user id in oracle [message #622474] Tue, 26 August 2014 15:37 Go to next message
evoradba
Messages: 111
Registered: April 2005
Location: Canada
Senior Member
Hello
is there any risk in locking out the system user id in Oracle? this is for security reasons, as for the sys i have already removed any remote logins not to be allowed

thank you
Re: Locking the system user id in oracle [message #622486 is a reply to message #622474] Wed, 27 August 2014 00:58 Go to previous messageGo to next message
Michel Cadot
Messages: 66437
Registered: March 2007
Location: Nanterre, France, http://...
Senior Member
Account Moderator

What kind of risks have you in mind?
Risk against which other solution? Not locking the account? Dropping the account? Other?
Please clarify and specify your question.

[Updated on: Wed, 27 August 2014 00:59]

Report message to a moderator

Re: Locking the system user id in oracle [message #622540 is a reply to message #622486] Wed, 27 August 2014 08:59 Go to previous messageGo to next message
evoradba
Messages: 111
Registered: April 2005
Location: Canada
Senior Member
HI
What i would like to know is if we lock the System account in oracle is there any potential risks associated with that?
thanks again
Re: Locking the system user id in oracle [message #622542 is a reply to message #622540] Wed, 27 August 2014 09:07 Go to previous messageGo to next message
John Watson
Messages: 7933
Registered: January 2010
Location: Global Village
Senior Member
If you lock the account, no-one can connect to it. That's all. Can you explain the question a bit more? Risk of what?
Re: Locking the system user id in oracle [message #622543 is a reply to message #622540] Wed, 27 August 2014 09:07 Go to previous messageGo to next message
Lalit Kumar B
Messages: 3131
Registered: May 2013
Location: World Wide on the Web
Senior Member
Lock the sys account? Why? A user not having the necessary privileges would not be able to login as sys. So why the question to lock?
Re: Locking the system user id in oracle [message #622544 is a reply to message #622540] Wed, 27 August 2014 09:09 Go to previous messageGo to next message
BlackSwan
Messages: 26538
Registered: January 2009
Location: SoCal
Senior Member
It is harmless so please proceed & if this is not correct you can blame me for the negative consequences.
Re: Locking the system user id in oracle [message #622548 is a reply to message #622543] Wed, 27 August 2014 09:31 Go to previous messageGo to next message
evoradba
Messages: 111
Registered: April 2005
Location: Canada
Senior Member
Im not going to lock the sys account only SYSTEM for security reasons and i not sure if there are any risks by doing so
thanks
Re: Locking the system user id in oracle [message #622549 is a reply to message #622548] Wed, 27 August 2014 09:34 Go to previous messageGo to next message
EdStevens
Messages: 1077
Registered: September 2013
Senior Member
evoradba wrote on Wed, 27 August 2014 09:31
Im not going to lock the sys account only SYSTEM for security reasons and i not sure if there are any risks by doing so
thanks


People have repeatedly asked why you want to lock the account. "for security reasons" is so vague as to be utterly meaningless.
You ask what risks would be entailed by locking the account. I'd turn that around and ask what risks are entailed by leaving it unlocked. Outline a scenario where you believe there is an unacceptable risk in leaving the account unlocked.
Re: Locking the system user id in oracle [message #622566 is a reply to message #622474] Wed, 27 August 2014 12:11 Go to previous messageGo to next message
John Watson
Messages: 7933
Registered: January 2010
Location: Global Village
Senior Member
Please accept apologies for hijacking your topic, evoradba. I've split the hijack off into a separate topic.
Re: Locking the system user id in oracle [message #622798 is a reply to message #622566] Fri, 29 August 2014 11:56 Go to previous messageGo to next message
evoradba
Messages: 111
Registered: April 2005
Location: Canada
Senior Member
no worries
Re: Locking the system user id in oracle [message #622959 is a reply to message #622549] Tue, 02 September 2014 09:21 Go to previous message
gazzag
Messages: 1082
Registered: November 2010
Location: Bristol, UK
Senior Member
Quote:

"for security reasons" is so vague as to be utterly meaningless.

I suspect that the OP is being harassed by a manager with half a story/idea.

OP> If this is indeed the case, explain that the SYSTEM account can be locked quite safely. Management should then be made aware that any administrative database tasks will have to be done directly on the server by first logging in to the database server as the Oracle software owner account, then the database as SYS - which could be considered a risk in itself - before unlocking the SYSTEM account to enable a login as that user.

HTH
-g
Previous Topic: Audit Client Utility Information
Next Topic: how to set umask value to 022 from sql * plus
Goto Forum:
  


Current Time: Sat Jun 15 19:34:33 CDT 2019