Re: DBAs running root.sh

From: Austin Hackett <hacketta_57_at_me.com>
Date: Mon, 03 Feb 2014 18:26:12 +0000
Message-id: <B7D2FD79-B696-4EA9-8B96-EB08DF69CD16_at_me.com>

Many thanks to everyone who has taken the time to reply - lot's of useful info for me to bring to future discussions. Very much appreciated...

On 3 Feb 2014, at 18:01, Matthew Zito <matt_at_crackpotideas.com> wrote:

>
> Wait - I forgot about one option that I alluded to in the first paragraph of my email - commercial sudo replacements that offer more advanced capabilities where they actually intercept systems calls to try to anticipate what users are (negatively) trying to do. They're expensive, complicated to run well, and usually people can figure out how to get around them. But they get used from time to time, especially at really big companies.
>
> One or two big companies I deal with have an intermediary solution, where they can "break glass" to get access to root for things like root.sh, but they have to go to a website, open a ticket with what they're doing, it gets approved, adn they get the root password, which is actually automatically generated. Tehy then log in with that password once, run root.sh, and then the password is changed automatically until the next person requests root access.
>
> Again, complicated and expensive.
>
> Matt

--
http://www.freelists.org/webpage/oracle-l

Received on Mon Feb 03 2014 - 19:26:12 CET

This message: [ Message body ]
Next message: Hans Forbrich: "Re: DBAs running root.sh"
Previous message: Jonathan Lewis: "RE: Optimizing Big Index Build on Standard Edition"
Maybe in reply to: Austin Hackett: "DBAs running root.sh"
Next in thread: Hans Forbrich: "Re: DBAs running root.sh"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message