enigma1234567890

stop su - oracle as root

Simple question: is it possible to prompt root users to enter a password when starting Oracle?

For example, log in as root
su - oracle
/ as sysdba

I need to stop this as it doesn't require a password. Operating systems: Solaris and Linux.
slightwv (䄆 Netminder)

root can do whatever root wants.

As 'oracle', it can do whatever it wants to the database.
There are a lot of links out there that talk about restricting root login as well as restricting database login.

Which one are you really after?
enigma1234567890 (ASKER)

Still looking for a way to stop this, so that any user starting Oracle needs to enter a password, even if the user is root.

If you can figure out a way, then Oracle cannot shut down or restart properly when the server shuts down or reboots?

I really can't think of a way to stop this from happening unless you restrict direct logins as root and the oracle user.
You could restrict remote login to root using ssh, then only allow administrators to su - root. By doing this you know who is changing to root at the time the database is started.

As already stated, root is all-powerful for a reason. If your System Administrator can't cooperate and not start the database without the DBA, there are procedural issues also.
Many shops secure direct root login and run programs like sudo to restrict/track individual user commands.

This may not keep someone from starting the database but it will tell you 'who' did it.
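
Added example, not part of the thread: a short Python pass over authentication logs that does the "who did it" attribution described above, listing every switch to root or oracle with the person behind it. The log lines are constructed, and their shapes are an assumption modelled on common Linux sudo and pam_unix syslog output; Solaris logs differ.

```python
import re

# Constructed sample lines, modelled on common Linux syslog output from sudo and
# pam_unix (not taken from the thread; hosts, users and timestamps are made up).
SAMPLE_LOG = """\
Mar  3 09:12:01 db01 sshd[2201]: Accepted publickey for alice from 192.0.2.10 port 50122 ssh2
Mar  3 09:12:40 db01 sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/su - oracle
Mar  3 09:12:40 db01 su: pam_unix(su-l:session): session opened for user oracle by alice(uid=0)
Mar  3 11:30:05 db01 su: pam_unix(su-l:session): session opened for user root by bob(uid=1002)
Mar  3 11:31:17 db01 su: pam_unix(su-l:session): session opened for user oracle(uid=54321) by bob(uid=0)
Mar  3 23:55:09 db01 su: pam_unix(su-l:session): session opened for user oracle by (uid=0)
"""

SUDO_RE = re.compile(r"sudo:\s+(?P<who>\S+) : .*?USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.+)$")
SU_RE = re.compile(r"su: pam_unix\(su(?:-l)?:session\): session opened for user "
                   r"(?P<target>[^\s(]+)(?:\(uid=\d+\))? by (?P<who>[^\s(]*)\(uid=(?P<uid>\d+)\)")

def attribute_switches(log_text, watched=("root", "oracle")):
    """Return (time, kind, person, target, detail) for each switch to a watched account."""
    events = []
    for line in log_text.splitlines():
        stamp = line[:15]  # classic syslog timestamp, e.g. "Mar  3 09:12:40"
        m = SUDO_RE.search(line)
        if m and m["target"] in watched:
            events.append((stamp, "sudo", m["who"], m["target"], m["cmd"]))
            continue
        m = SU_RE.search(line)
        if m and m["target"] in watched:
            # pam_unix records the session's login name next to the caller's uid, so
            # someone who became root first is still named; an empty name means the
            # switch cannot be tied to a person from this line alone.
            who = m["who"] or "UNATTRIBUTED"
            events.append((stamp, "su", who, m["target"], "caller uid=" + m["uid"]))
    return events

def unattributed(events):
    """Switches with no login name: the ones a reviewer has to chase by other means."""
    return [e for e in events if e[2] == "UNATTRIBUTED"]

if __name__ == "__main__":
    for event in attribute_switches(SAMPLE_LOG):
        print(*event, sep=" | ")
```
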
The short answer is: you cannot limit root.

As others pointed out, using sudo to control what specific individuals can and cannot do is the only way.

As long as a user cannot run su - to gain root-level access, or sudo <shell name> or sudo <any editor>, the user would need to know the oracle user login or run the dbstart/dbstop scripts.

Are you the DB admin who wants to limit the rights of a systems Admin?
I think this is what you might want to try but I am not a dba so you should research it more.

http://oracle.ittoolbox.com/groups/technical-functional/oracle-db-l/disable-connecting-sys-as-sysdba-and-sysman-557532


Thanks for all your help. It really worked well. All I had to do was to remove the ORA_DBA privilege from the administrator account. Now no one can connect to sys without a password or sysman using the default password. Thank you very much. Somebody also told to use SQLNET.AUTHENTICATION_SERVICES = NONE in the sqlnet.ora file. Is it required?
Thanks.

or there are some solutions here

http://www.orafaq.com/forum/t/21698/2/
The information in that link is a BAD idea. Oracle needs to shut down the database gracefully when the server is shut down.

You follow that link and it will not shut down properly.
slightwv - which one, I am curious.  I am not a dba so would like to know for future reference.
ASKER CERTIFIED SOLUTION
slightwv (䄆 Netminder)