| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: root logging as internal
> .... they said that since root is a
> special account and can su to anything, they can log into Oracle as
> they see fit.
>
> I'm having a tough time believing this. So...
>
> 1) Is this true?
> 2) If there is a work around could you pls post it.
Answers
David P.
Oracle Certified DBA
aanon_1_at_hotmail.com wrote:
>
> Hello all,
>
> Hopefully there is a work around to this "issue". However, so far I
> have not been able to resolve it.
>
> Last week one of our UNIX admins took the liberty to log into Oracle
> via the internal account and created himself a Oracle ID. In essence
> he did this
>
> $ su - oracle
>
> $ svrmgrl
>
> svrmgr > connect internal
>
> And he was off to the races. Seeing that this is a gaping hole in our
> security I tried a variety of items including using the orapwd
> utility. I ended up calling Oracle, and they said that since root is a
> special account and can su to anything, they can log into Oracle as
> they see fit.
>
> I'm having a tough time believing this. So...
>
> 1) Is this true?
> 2) If there is a work around could you pls post it.
>
> I am aware of the audit files (.aud), but they are only useful after
> the fact.
>
> TIA,
>
> anon_1
>
> Sent via Deja.com http://www.deja.com/
> Before you buy.
Received on Tue Apr 04 2000 - 00:00:00 CDT
 |
 |