>Put the following code snippet > "if [ "$LOGNAME" = "root" ]; > then init 0 > fi; > in your oraenv. I guarantee you that the SA will no longer be connecting >as SYSDBA.
May be it will happen once. A smart SA will suppress it next time. OR he/she can always create another OS account with id = 0,gid (root) and then use that subsequently while trying to use oracle OR log in as 'x' which is a non root account and then su root, followed by cd $ORACLE_HOME, source .profile/oraenv, get going. GovindanK > MessageBetter yet, put the following lines > > echo ORA-600 [kgfdjjks] [scdcsc] [dssdcdcsdc] [45] [999] Unauthorized root > access > > then print some garbage into a file named like the regular trace files in > user_dump_dest directory. Open up a iTAR and show this "trace" file to > your SA's manager, along with the TAR number. Let the fun begin. > ----- Original Message ----- > From: Mladen Gogala > To: Multiple recipients of list ORACLE-L > Sent: Thursday, August 28, 2003 1:04 PM > Subject: RE: How to keep "root" out? > > > Put the following code snippet > > "if [ "$LOGNAME" = "root" ]; > then init 0 > fi; > > in your oraenv. I guarantee you that the SA will no longer be connecting > as SYSDBA. > > > -- > Mladen Gogala > Oracle DBA > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf > Of Walter K > Sent: Thursday, August 28, 2003 11:34 AM > To: Multiple recipients of list ORACLE-L > Subject: How to keep "root" out? > > > Just for grins, I'll ask this question... Is there any way to keep the > Unix "root" user from logging into the database (i.e. connect internal > or / as sysdba)? Currently using 8.1.7.4 on Solaris 8 here. > > We have a couple people in our Unix admin group that feel the need to > "help" by writing their own DB monitoring scripts. Of course, they > don't know what they're talking about. They do not have formal logins > for the database, but since they are root users they are connecting > via "connect internal". This is not only counterproductive but > actually a potential security issue--just because someone has root > doesn't necessarily entitle them to see the data in the database. What > if it is a payroll database? > > So, I'm curious, is there any way to prevent access via "connect > internal" or "/ as sysdba"? > > Thanks in advance. > > W > -- Please see the official ORACLE-L FAQ: http://www.orafaq.net -- Author: Corniche Park INET: [EMAIL PROTECTED] Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
