Re: How can I secure 'internal' from root?

From: Marcin Kasperski <marckasp_at_friko6.onet.pl>
Date: Thu, 01 Oct 1998 14:08:48 GMT
Message-ID: <Q1MQ1.483$1f.78339@news.tpnet.pl>

>The company I work for is looking for a way to lock the UNIX SA out of the
>Oracle database. I can't stop them from su'ing to oracle, but can I get
>svrmgrl to prompt for a password on internal ... like on NT systems? Can I
>protect a password file from the SA too?

Just a short opinion:
1) you can not protect any Unix file so that it would be unaccessible by root
2) even if you make svrmgrl to ask for a password, root can always

kill any processes he wants
read or delete any files he wants (including the database files)

If you are to protect the database data from root you must encrypt your database (i.e. use Trusted Oracle or sth similar). And even then he will be able to shutdown or corrupt the instance. Received on Thu Oct 01 1998 - 09:08:48 CDT