| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: sysdba privileges and shutdown
Hello!
Actually its wrong. You could have remote_login_passwordfile as exclusive for example and you still can log on as sysdba without specifying password. It possible to log remotely as sysdba only when you have remote_login_pwdfile parameter as shared or exclusive.
You can log on as sysdba without password if Oracle thinks it's secure to let a user in. That means:
Unix:
The user has os group which is compiled into oracle executable (for OSOPER
or OSDBA internal oracle privilege). The relevant OS groups are usually
specified during Oracle software install.
Check $ORACLE_HOME/lib/config.c for occurencies of your dba group (or
config.s on Solaris)
You can actually change the groups in this file and new changes take effect
after you've relinked Oracle executable.
Windows:
The user has to have ORA_[SID_]DBA, ORA_[SID_]OPER privileges to be able to
log on as sysdba locally.
Also, sqlnet.ora parameter sqlnet.authentication_services whould include NTS
in the list, if I remember correctly.
Tanel.
> 1. the dba group is only allowed sysdba rights if
remote_login_password_file
> is not set to exclusive (IIRC). If it is set to exclusive you'd need to
> supply a password file. and
> 2. You only allow DBA's into the DBA os group surely. If your DBAs are a
> security risk you have real problems.
>
>
> --
> Niall Litchfield
> Oracle DBA
> Audit Commission UK
>
>
Received on Fri Mar 07 2003 - 12:17:51 CST
 |
 |