Oracle FAQ Your Portal to the Oracle Knowledge Grid

Home -> Community -> Mailing Lists -> Oracle-L -> RE: How to keep "root" out?

RE: How to keep "root" out?

From: Brian Dunbar <>
Date: Tue, 02 Sep 2003 07:54:27 -0800
Message-ID: <>

Replying to the original post;

Walter K <> on Thursday, August 28, 2003 6:34 PM said;

> Just for grins, I'll ask this question... Is there any way to keep the
Unix "root" user from logging into the
> database (i.e. connect internal or / as sysdba)? Currently using
on Solaris 8 here.

> We have a couple people in our Unix admin group that feel the need to
"help" by writing their own DB monitoring
> scripts. Of course, they don't know what they're talking about.

My perspective is as the system admin who owns the boxes where the databases live, and as caretaker of some of the applications aboard those servers.

You can jump through hoops to keep root out of the database, but you run the great risk of locking yourself out of the database if as a last resort access is somehow removed for all users. That is what root is for, after all. If you can't trust your admins, you've got bigger problems than this.

My suggestion (echoed by others here) is to work with your admins, and tell them why what they are doing is a bad idea. If you can give them their own 'backdoor' to the database or a safe way to view the data, you'll both be better off.


Please see the official ORACLE-L FAQ:
Author: Brian Dunbar

Fat City Network Services    -- 858-538-5051
San Diego, California        -- Mailing list and web hosting services
To REMOVE yourself from this mailing list, send an E-Mail message
to: (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
Received on Tue Sep 02 2003 - 10:54:27 CDT

Original text of this message