Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: Requirement to run as user SYS

RE: Requirement to run as user SYS

From: Hollis, Les <Les.Hollis_at_ps.net>
Date: Thu, 9 Dec 2004 09:54:51 -0600
Message-ID: <FCC960FDB92F5E469A02464FF72872F4030F2021@pscdalpexch50.perotsystems.net> 





Now that has got to be one of the most ridiculous management decisions I
have ever heard......



By "disable" I am assuming you mean to change the password or 'lock' the
account.




As a DBA you can still get in using / as sysdba  which enables you to do
anything you want.  It actually still dumpos you in as SYS.



I tested on one of my 9i DB's.  Locked the user sys account, exited,
logged in   '/ as sysdba',   did a shutdown/startup  and executed this
command....




SQL> show user


USER is "SYS"


SQL>



THIS AFTER I locked the account......





Select * from dba_users where username =3D 'SYS';  returned this





--
SYS                                     0 D4C5016086B2DC6A
LOCKED                           09-DEC-2004
SYSTEM                         TEMP
16-NOV-2004
DEFAULT                        SYS_GROUP


As you see it shows locked...but you are still sys....


Oh well.....I guess if it makes the idiot auditors happy to think they
found something on you and spineless management leaped through hoops to
appease them, I suppose it isn't ALL that terribly bad...you can STILL
log in as SYS using / as sysdba		whisper whisper....just don't
tell the auditors



It's all good   8~))


-----Original Message-----
From: oracle-l-bounce_at_freelists.org
[mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Barbara Baker
Sent: Thursday, December 09, 2004 9:35 AM
To: oracle-l_at_freelists.org
Subject: Re: Requirement to run as user SYS

 Thanks, Dick.  I really appreciate your responses.
 It's a double-whammy.  We got "written up" by the auditors for using
 the SYS account, so management's response is that we just disable it.
 < sigh . . . >



> On Thu, 9 Dec 2004 09:24:48 -0500, Goulet, Dick <DGoulet_at_vicr.com>

wrote:


> > Barb,

> >

> >        I'll feel sorry for you for sure.  You've got one VERY

ignorant


> > auditor breathing down your throat and a management team that is

equally


> > ignorant and uncaring for letting this happen.  At least our

auditors


> > were savvy enough to know that SYS is a special account that we need

&


> > don't use excessively and left it out of their questions.

> >

--
http://www.freelists.org/webpage/oracle-l
--
http://www.freelists.org/webpage/oracle-l


Received on Thu Dec 09 2004 - 09:50:31 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US