RE: Requirement to run as user SYS

• From: "Hollis, Les" <Les.Hollis@xxxxxx>
• To: <barb.baker@xxxxxxxxx>, <oracle-l@xxxxxxxxxxxxx>
• Date: Thu, 9 Dec 2004 09:54:51 -0600

Now that has got to be one of the most ridiculous management decisions I
have ever heard......

By "disable" I am assuming you mean to change the password or 'lock' the
account.


As a DBA you can still get in using / as sysdba  which enables you to do
anything you want.  It actually still dumpos you in as SYS.

I tested on one of my 9i DB's.  Locked the user sys account, exited,
logged in   '/ as sysdba',   did a shutdown/startup  and executed this
command....


SQL> show user
USER is "SYS"
SQL>


THIS AFTER I locked the account......



Select * from dba_users where username =3D 'SYS';  returned this


------------------------------------------------------------------------
--
SYS                                     0 D4C5016086B2DC6A
LOCKED                           09-DEC-2004
SYSTEM                         TEMP
16-NOV-2004
DEFAULT                        SYS_GROUP


As you see it shows locked...but you are still sys....


Oh well.....I guess if it makes the idiot auditors happy to think they
found something on you and spineless management leaped through hoops to
appease them, I suppose it isn't ALL that terribly bad...you can STILL
log in as SYS using / as sysdba         whisper whisper....just don't
tell the auditors



It's all good   8~))


-----Original Message-----
From: oracle-l-bounce@xxxxxxxxxxxxx
[mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Barbara Baker
Sent: Thursday, December 09, 2004 9:35 AM
To: oracle-l@xxxxxxxxxxxxx
Subject: Re: Requirement to run as user SYS

 Thanks, Dick.  I really appreciate your responses.
 It's a double-whammy.  We got "written up" by the auditors for using
 the SYS account, so management's response is that we just disable it.
 < sigh . . . >

> On Thu, 9 Dec 2004 09:24:48 -0500, Goulet, Dick <DGoulet@xxxxxxxx>
wrote:
> > Barb,
> >
> >        I'll feel sorry for you for sure.  You've got one VERY
ignorant
> > auditor breathing down your throat and a management team that is
equally
> > ignorant and uncaring for letting this happen.  At least our
auditors
> > were savvy enough to know that SYS is a special account that we need
&
> > don't use excessively and left it out of their questions.
> >
--
//www.freelists.org/webpage/oracle-l
--
//www.freelists.org/webpage/oracle-l

Other related posts:

• » Re: Requirement to run as user SYS
• » RE: Requirement to run as user SYS
• » RE: Requirement to run as user SYS
• » RE: Requirement to run as user SYS
• » Re: Requirement to run as user SYS
• » RE: Requirement to run as user SYS
• » RE: Requirement to run as user SYS
• » RE: Requirement to run as user SYS
• » RE: Requirement to run as user SYS
• » RE: Requirement to run as user SYS
• » RE: Requirement to run as user SYS
• » RE: Requirement to run as user SYS
• » RE: Requirement to run as user SYS
• » RE: Requirement to run as user SYS
• » RE: Requirement to run as user SYS
• » RE: Requirement to run as user SYS
• » RE: Requirement to run as user SYS
• » RE: Requirement to run as user SYS
• » RE: Requirement to run as user SYS

1. Home
2. oracle-l
3. Archive
4. 12-2004

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---