Re: DBAs running root.sh
From: Norman Dunbar <oracle_at_dunbar-it.co.uk>
Date: Mon, 03 Feb 2014 20:31:49 +0000
Message-ID: <52EFFCB5.5000803_at_dunbar-it.co.uk>
Evening Austin,
Date: Mon, 03 Feb 2014 20:31:49 +0000
Message-ID: <52EFFCB5.5000803_at_dunbar-it.co.uk>
Evening Austin,
On 03/02/14 17:08, Austin Hackett wrote:
> Hi List
>
> If you work in a security conscious environment, I'd be keen to hear how your site handles the root.sh script.
Some places I've worked allowed root access directly (logging in with
the password), others had a secure shell type setup where we had to
execute a "special" command set up by the security team which allowed us
to login as root (using our own password) and which logged who we were
and everything we did while running as root. Other places used sudo,
with a limited set of allowed calls.
I much prefer the latter, it's more secure and limits the processes that can be run.
HTH
Cheers,
Norm.
-- Norman Dunbar Dunbar IT Consultants Ltd Registered address: 27a Lidget Hill Pudsey West Yorkshire United Kingdom LS28 7LG Company Number: 05132767 -- http://www.freelists.org/webpage/oracle-lReceived on Mon Feb 03 2014 - 21:31:49 CET