OraFAQ Forum: Server Administration » password for 9i startup/shutdown

Home » RDBMS Server » Server Administration » password for 9i startup/shutdown

Show: Today's Messages :: Polls :: Message Navigator
E-mail to friend

password for 9i startup/shutdown [message #58730]

Sun, 28 September 2003 02:42

M. Khaled
Messages: 67
Registered: April 2002

Member

Dear,

In Oracle 9i starting up database is as follows...
sqlplus /nolog
sql>connect /as sysdba
sql>startup

Anyone can do this and since he has sys privilige,he can do many thing.As such I want to maintain password for starting up/shutting down database.How could I do this.Please give me the deatails.....

Thanks in advance

Report message to a moderator

Re: password for 9i startup/shutdown [message #58732 is a reply to message #58730]

Sun, 28 September 2003 21:02

Mahesh Rajendran
Messages: 10707
Registered: March 2002
Location: oracleDocoVille

Senior Member
Account Moderator

ideally,
only OS 'oracle' user is supposed to do that.
else
make use of a password file.

Report message to a moderator

Re: password for 9i startup/shutdown [message #58748 is a reply to message #58730]

Mon, 29 September 2003 07:50

Thiru
Messages: 1089
Registered: May 2002

Senior Member

Anyone CANNOT do that. Only members of the 'dba' group(in Unix) or ORA_DBA group(Windows) will be able to connect os authenticated . So you will need to keep the 'oracle' user or any other members of the OSDBA group very secure.

If you do want to maintain passwords for starting up/shutdown , set
REMOTE_LOGIN_PASSWORDFILE=exclusive
and create a password file using 'orapwd' utility.You can then add users to this password file who can 'connect as sysdba' and perform dba activities.

see doc for mroe implementation details.

-Thiru

Report message to a moderator

Re: password for 9i startup/shutdown [message #58770 is a reply to message #58730]

Mon, 29 September 2003 23:48

dba2rescue
Messages: 5
Registered: September 2003

Junior Member

Hi there,

'SQL> connect / as sysdba' is possible only because the O/S user was used to install the oracle s/w and create the database which implies that he is a part of the ORA_DBA group (in Windows) or DBA group in Unix. try loggin in the o/s as a different user and then try starting the database as 'connect / as sysdba' you not be able to do that'

Regards,
DBA2RESCUE

Report message to a moderator

Re: password for 9i startup/shutdown [message #58825 is a reply to message #58730]

Thu, 02 October 2003 09:06

Sanjay
Messages: 236
Registered: July 2000

Senior Member

dba2rescue has a point. In fact all previous 3 posts have point.

Bottom line, have some security measure

1. passwords for SYS and SYSTEM should not be public.
2. limit users in ORA_DBA group (in Windows) or DBA group in Unix.
3. all users should be given generic logins and groups and still be able to run sqlplus and other utils. Startup and Shutdown should be limited to you (DBA) and in other common cases sys admins (your UNIX admin or Windows Amin).
4. Use password file (see other threads)

Good luck.

Report message to a moderator

Previous Topic:	Best OS platform for 9i?
Next Topic:	Oracle Database Configuration Assistant

Goto Forum:

-=] Back to Top [=-

[ Syndicate this forum (XML) ] [

]

Current Time: Fri Sep 20 08:17:27 CDT 2024