RE: How to keep "root" out?

Replying to the original post;

Walter K <mailto:ora1034_at_sbcglobal.net> on Thursday, August 28, 2003 6:34 PM said;

> Just for grins, I'll ask this question... Is there any way to keep the
Unix "root" user from logging into the
> database (i.e. connect internal or / as sysdba)? Currently using 8.1.7.4
on Solaris 8 here.

> We have a couple people in our Unix admin group that feel the need to
"help" by writing their own DB monitoring
> scripts. Of course, they don't know what they're talking about.

My perspective is as the system admin who owns the boxes where the databases live, and as caretaker of some of the applications aboard those servers.

You can jump through hoops to keep root out of the database, but you run the great risk of locking yourself out of the database if as a last resort access is somehow removed for all users. That is what root is for, after all. If you can't trust your admins, you've got bigger problems than this.

My suggestion (echoed by others here) is to work with your admins, and tell them why what they are doing is a bad idea. If you can give them their own 'backdoor' to the database or a safe way to view the data, you'll both be better off.

~brian

-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.net
-- 
Author: Brian Dunbar
  INET: Brian.Dunbar_at_Plexus.com

Fat City Network Services    -- 858-538-5051 http://www.fatcity.com
San Diego, California        -- Mailing list and web hosting services
---------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).