Re: DBAs running root.sh

From: Norman Dunbar <oracle_at_dunbar-it.co.uk>
Date: Mon, 03 Feb 2014 20:31:49 +0000
Message-ID: <52EFFCB5.5000803_at_dunbar-it.co.uk>

Evening Austin,

On 03/02/14 17:08, Austin Hackett wrote:
> Hi List
>
> If you work in a security conscious environment, I'd be keen to hear how your site handles the root.sh script.
Some places I've worked allowed root access directly (logging in with the password), others had a secure shell type setup where we had to execute a "special" command set up by the security team which allowed us to login as root (using our own password) and which logged who we were and everything we did while running as root. Other places used sudo, with a limited set of allowed calls.

I much prefer the latter, it's more secure and limits the processes that can be run.

HTH Cheers,
Norm.

-- 
Norman Dunbar
Dunbar IT Consultants Ltd

Registered address:
27a Lidget Hill
Pudsey
West Yorkshire
United Kingdom
LS28 7LG

Company Number: 05132767
--
http://www.freelists.org/webpage/oracle-l

Received on Mon Feb 03 2014 - 21:31:49 CET

This message: [ Message body ]
Next message: Ric Van Dyke: "RE: training for new DBA's"
Previous message: Wayne Smith: "Re: training for new DBA's"
In reply to: Austin Hackett: "DBAs running root.sh"
Next in thread: Ram Srinivasan: "Re: DBAs running root.sh"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message