I don't know if this will work. But I'd write an external procedure (a shell) that checks the OS userid that's logging into the database... (may be "who am i", it works even with "su")
------------------- bash-2.04# id uid=0(root) gid=0(root) groups=0(root),48(apache) bash-2.04# su - oracle oracle::/home/oracle> who am i costos!root pts/1 Aug 28 16:45 oracle::/home/oracle> ------------------- I'd put this code in the logon trigger..... I'm not sure if this will work with "internal" user... Greetings Diego Cutrone >Just for grins, I'll ask this question... Is there any >way to keep the Unix "root" user from logging into the >database (i.e. connect internal or / as sysdba)? >Currently using 8.1.7.4 on Solaris 8 here. > >We have a couple people in our Unix admin group that vfeel the need to "help" by writing their own DB >monitoring scripts. Of course, they don't know what >t>hey're talking about. They do not have formal logins >for the database, but since they are root users they >are connecting via "connect internal". This is not >only counterproductive but actually a potential >security issue--just because someone has root doesn't >necessarily entitle them to see the data in the >database. What if it is a payroll database? > >So, I'm curious, is there any way to prevent access >via "connect internal" or "/ as sysdba"? > >Thanks in advance. W ------------ Internet GRATIS es Yahoo! Conexi�n 4004-1010 desde Buenos Aires. Usuario: yahoo; contrase�a: yahoo M�s ciudades: http://conexion.yahoo.com.ar -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: =?iso-8859-1?q?Diego=20Cutrone?= INET: [EMAIL PROTECTED] Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
