Re: Security Wonks ate my hamster.
- From: Hans Forbrich <fuzzy.graybeard@xxxxxxxxx>
- To: oracle-l@xxxxxxxxxxxxx
- Date: Wed, 23 Mar 2016 07:49:00 -0600
On 23/03/2016 6:54 AM, Howard Latham wrote:
I am also the Sysadmin! And as I understand it certain things HAVE to
be done as root.
And there are many things being done as root that do not require root.
The same with SYS and SYSTEM. A personal, and non-repudiatable, ID with
appropriate privileges, is generally enough for the vast majority of
daily operations.
It can be a good thing to use root only where root is required.
Many many DBAs do not realize, on a *nix system, all they require for
most SYSDBA operations is to be part of the *nix 'dba' group, with an
entry in the orapw file. The oracle user is NOT needed for most daily
maintenance operations.
Same goes for root. In many cases, being a member of the 'wheel' group
is sufficient. sudo can cover many of the remaining items.
As the book title goes, we've been given "Enough Rope to Shoot Ourselves
in the Foot". And we took it - hook, line and sinker. Especially sinker.
/Hans
Other related posts: