Monday, February 9, 2009

Redhat Command

rpm -Uvh /home/applmgr/connect-proxy-1.93-2.el3.at.i386.rpm
Posted by at No comments:

Sunday, February 1, 2009

Grant Remote SYSDBA

http://www.orafaq.com/wiki/Oracle_database_Security_FAQ

Managing administrative (privileged) users and password files

An administrative account is a user that is granted SYSOPER or SYSDBA privileges. Oracle DBAs and operators typically use administrative accounts to manage the database and database instance.

SYSDBA and SYSOPER allow access to a database instance even if it is not running. Control of these privileges is managed outside of the database via password files and special operating system groups (dba on Unix/Linux and ORA_DBA on Windows). External password files are created with the orapwd utility.

Connecting as an administrative user:

If an administrative users belongs to the "dba" group on Unix, or the "ORA_DBA" (ORA_sid_DBA) group on Windows, he/she can connect like this: 

connect / as sysdba

No password is required. This is equivalent to the desupported "connect internal" method.

A password is required for "non-secure" administrative access. These passwords are stored in password files. Remote connections via Net8 are classified as non-secure. Look at this example: 

connect sys/password as sysdba

Password files:

The Oracle Password File ($ORACLE_HOME/dbs/orapw or orapwSID) stores passwords for users with administrative privileges. One needs to create a password files before remote administrators (like OEM) will be allowed to connect.

Follow this procedure to create a new password file:

  • Log in as the Oracle software owner
  • Run command: orapwd file=$ORACLE_HOME/dbs/orapw$ORACLE_SID password=mypasswd
  • Shutdown the database (SQLPLUS> SHUTDOWN IMMEDIATE)
  • Edit the INIT.ORA file and ensure REMOTE_LOGIN_PASSWORDFILE=exclusive is set.
  • Startup the database (SQLPLUS> STARTUP)[/list]

NOTE: The orapwd utility presents a security risk in that it receives a password from the command line. This password is visible in the process table of many systems. Administrators needs to be aware of this!

Adding users to Password File:

One can select from the SYS.V_$PWFILE_USERS view to see which users are listed in the password file. New users can be added to the password file by granting them SYSDBA or SYSOPER privileges, or by using the orapwd utility. 

GRANT SYSDBA TO scott;

Posted by at No comments:
Subscribe to: Posts (Atom)