utl_file_dir SYS User Protection

Phone
800-766-1884

Oracle Tips by Burleson

SYS User Protection

The equivalent of a super user inside the Oracle database is SYS, who can perform any activity such as startup, shutdown, creating users, etc.

Naturally, this user account must be protected very carefully, otherwise, a malicious person with the knowledge of this account can shutdown the entire database. However, under certain configurations, the password of the user need not be entered to login as SYS. If the UNIX user's group is

DBA, the user can login as SYS using the following command

sqlplus "/ as sysdba"

Voila! The user is connected as sys without even knowing the password! Note how dangerous it is to leave the passwords of people who login to UNIX under group DBA unsecured. Therefore, be very careful in assigning UNIX users to the DBA group. Typically, you would create two groups

dba
oinstall

There should be separate users for the Oracle software installation and the Oracle account owner. In addition, you should also create separate users to manage the database, such as startup, shutdown, etc. These should not be controlled from the software owner or other Oracle users. Besides these users, the DBA group privileges should never be granted to anyone.

Tip: The Oracle user should have the installed software only, nothing else; the other tasks, like starting up, shutting down, etc. should be performed by the individual dba user.

Download your Oracle scripts now:

www.oracle-script.com

The definitive Oracle Script collection for every Oracle professional DBA