Re: How to keep "root" out?

[Arup Nanda]

Title: Message

Better yet, put the following lines   echo ORA-600 [kgfdjjks] [scdcsc] [dssdcdcsdc] [45] [999] Unauthorized root access   then print some garbage into a file named like the regular trace files in user_dump_dest directory. Open up a iTAR and show this "trace" file to your SA's manager, along with the TAR number. Let the fun begin. ----- Original Message ----- From: Mladen Gogala To: Multiple recipients of list ORACLE-L Sent: Thursday, August 28, 2003 1:04 PM Subject: RE: How to keep "root" out? Put the following code snippet   "if [ "$LOGNAME" = "root" ];     then init 0  fi;   in your oraenv. I guarantee you that the SA will no longer be connecting as SYSDBA.     -- Mladen Gogala Oracle DBA -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Walter K Sent: Thursday, August 28, 2003 11:34 AM To: Multiple recipients of list ORACLE-L Subject: How to keep "root" out? Just for grins, I'll ask this question... Is there any way to keep the Unix "root" user from logging into the database (i.e. connect internal or / as sysdba)? Currently using 8.1.7.4 on Solaris 8 here.   We have a couple people in our Unix admin group that feel the need to "help" by writing their own DB monitoring scripts. Of course, they don't know what they're talking about. They do not have formal logins for the database, but since they are root users they are connecting via "connect internal". This is not only counterproductive but actually a potential security issue--just because someone has root doesn't necessarily entitle them to see the data in the database. What if it is a payroll database?   So, I'm curious, is there any way to prevent access via "connect internal" or "/ as sysdba"?   Thanks in advance.   W   Note: This message is for the named person's use only.  It may contain confidential, proprietary or legally privileged information.  No confidentiality or privilege is waived or lost by any mistransmission.  If you receive this message in error, please immediately delete it and all copies of it from your system, destroy any hard copies of it and notify the sender.  You must not, directly or indirectly, use, disclose, distribute, print, or copy any part of this message if you are not the intended recipient. Wang Trading LLC and any of its subsidiaries each reserve the right to monitor all e-mail communications through its networks.  Any views expressed in this message are those of the individual sender, except where the message states otherwise and the sender is authorized to state them to be the views of any such entity.