Just a thought. Grant the SYSDBA and SYSOPER privileges to some user you
have the password to. Then change the dba group in the file
$ORACLE_HOME/rdbms/lib/config.c (config.s in the case of Solaris) to some
other group (maybe invalid group) and relink oracle. You could use the
password protected user with SYSOPER and SYSDBA privilege to startup and
shutdown the database. "connect internal" or any form of OS authentication
should fail. I haven't tested this or used this. So try at your own risk. And
I don't think Oracle support would like this. ;)
Regards,
Denny
--
Denny Koovakattu
Quoting Mark Leith <[EMAIL PROTECTED]>:
> Should keep the Unix weenies from bugging your database for at least a
> short
> time, if all else fails! ;)
>
>
>
> -----Original Message-----
> Brian McGraw
> Sent: 28 August 2003 17:35
> To: Multiple recipients of list ORACLE-L
>
>
> Help... my database isn't coming up anymore!! ;)
>
> Brian
>
> -----Original Message-----
> Mark Leith
> Sent: Thursday, August 28, 2003 11:24 AM
> To: Multiple recipients of list ORACLE-L
>
> "rm -r *" at root.
>
> :>
>
>
>
> -----Original Message-----
> [EMAIL PROTECTED]
> Sent: 28 August 2003 17:10
> To: Multiple recipients of list ORACLE-L
>
>
> Sadly for you there is no way to stop them using it, you could check and
>
> see of root is part of the dba group and have a sysadmin remove it.
> and if you succeed then they need only to su - oracle and they can still
>
> do it, this may then if configured show up in a su log.
>
> I think you need to firstly discuss it with them and then if the
> response
> is unsuitable you need to document the facts and present it to your
> manager for him to determine what is acceptable.
>
>
> Tough one to call
>
> Cheers
>
>
> --
> =================================================
> Peter McLarty E-mail: [EMAIL PROTECTED]
> Technical Consultant WWW: http://www.mincom.com
> APAC Technical Services Phone: +61 (0)7 3303 3461
> Brisbane, Australia Mobile: +61 (0)402 094 238
> Facsimile: +61 (0)7 3303 3048
> =================================================
> "If people did not sometimes do silly things, nothing intelligent would
> ever
> get done."
> - Ludwig Wittgenstein
> =================================================
> Mincom "The People, The Experience, The Vision"
>
> =================================================
>
> This transmission is for the intended addressee only and is confidential
>
> information. If you have received this transmission in error, please
> delete it and notify the sender. The contents of this e-mail are the
> opinion of the writer only and are not endorsed by the Mincom Group of
> companies unless expressly stated otherwise.
>
>
>
>
>
>
> Walter K <[EMAIL PROTECTED]>
> Sent by: [EMAIL PROTECTED]
> 29/08/2003 01:34 AM
> Please respond to ORACLE-L
>
>
> To: Multiple recipients of list ORACLE-L
> <[EMAIL PROTECTED]>
> cc:
> Subject: How to keep "root" out?
>
>
> Just for grins, I'll ask this question... Is there any way to keep the
> Unix "root" user from logging into the database (i.e. connect internal
> or
> / as sysdba)? Currently using 8.1.7.4 on Solaris 8 here.
>
> We have a couple people in our Unix admin group that feel the need to
> "help" by writing their own DB monitoring scripts. Of course, they don't
>
> know what they're talking about. They do not have formal logins for the
> database, but since they are root users they are connecting via "connect
>
> internal". This is not only counterproductive but actually a potential
> security issue--just because someone has root doesn't necessarily
> entitle
> them to see the data in the database. What if it is a payroll database?
>
> So, I'm curious, is there any way to prevent access via "connect
> internal"
> or "/ as sysdba"?
>
> Thanks in advance.
>
> W
>
>
> --
> Please see the official ORACLE-L FAQ: http://www.orafaq.net
> --
> Author:
> INET: [EMAIL PROTECTED]
>
> Fat City Network Services -- 858-538-5051 http://www.fatcity.com
> San Diego, California -- Mailing list and web hosting services
> ---------------------------------------------------------------------
> To REMOVE yourself from this mailing list, send an E-Mail message
> to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
> the message BODY, include a line containing: UNSUB ORACLE-L
> (or the name of mailing list you want to be removed from). You may
> also send the HELP command for other information (like subscribing).
> ---
> Incoming mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.512 / Virus Database: 309 - Release Date: 19/08/2003
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.512 / Virus Database: 309 - Release Date: 19/08/2003
>
> --
> Please see the official ORACLE-L FAQ: http://www.orafaq.net
> --
> Author: Mark Leith
> INET: [EMAIL PROTECTED]
>
> Fat City Network Services -- 858-538-5051 http://www.fatcity.com
> San Diego, California -- Mailing list and web hosting services
> ---------------------------------------------------------------------
> To REMOVE yourself from this mailing list, send an E-Mail message
> to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
> the message BODY, include a line containing: UNSUB ORACLE-L
> (or the name of mailing list you want to be removed from). You may
> also send the HELP command for other information (like subscribing).
>
>
>
> --
> Please see the official ORACLE-L FAQ: http://www.orafaq.net
> --
> Author: Brian McGraw
> INET: [EMAIL PROTECTED]
>
> Fat City Network Services -- 858-538-5051 http://www.fatcity.com
> San Diego, California -- Mailing list and web hosting services
> ---------------------------------------------------------------------
> To REMOVE yourself from this mailing list, send an E-Mail message
> to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
> the message BODY, include a line containing: UNSUB ORACLE-L
> (or the name of mailing list you want to be removed from). You may
> also send the HELP command for other information (like subscribing).
> ---
> Incoming mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.512 / Virus Database: 309 - Release Date: 19/08/2003
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.512 / Virus Database: 309 - Release Date: 19/08/2003
>
> --
> Please see the official ORACLE-L FAQ: http://www.orafaq.net
> --
> Author: Mark Leith
> INET: [EMAIL PROTECTED]
>
> Fat City Network Services -- 858-538-5051 http://www.fatcity.com
> San Diego, California -- Mailing list and web hosting services
> ---------------------------------------------------------------------
> To REMOVE yourself from this mailing list, send an E-Mail message
> to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
> the message BODY, include a line containing: UNSUB ORACLE-L
> (or the name of mailing list you want to be removed from). You may
> also send the HELP command for other information (like subscribing).
>
-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/
--
Please see the official ORACLE-L FAQ: http://www.orafaq.net
--
Author: Denny Koovakattu
INET: [EMAIL PROTECTED]
Fat City Network Services -- 858-538-5051 http://www.fatcity.com
San Diego, California -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from). You may
also send the HELP command for other information (like subscribing).
