
Root password

 
Clara Rowe
Frequent Advisor

Root password

Dear Experts,
This one should be easy for you, I just want your opinions. The DBAs in our shop say they need to have the root password. What are your thoughts?

Thanx.
Clara
Take time to smell the roses.
16 REPLIES 16
Craig Rants
Honored Contributor
Solution

Re: Root password

Install sudo and give them access to the commands they need; that will create a definitive list of what they need and not make you look like the bad guy.
"In theory, there is no difference between theory and practice. But, in practice, there is. " Jan L.A. van de Snepscheut
Uday_S_Ankolekar
Honored Contributor

Re: Root password

Hi,

My answer is NO..

The DBA-related tasks can surely be handled by them with the proper permissions and groups, and for the system admin tasks you are there to help them.
Ask them why they want the root password. In fact, you can give them restricted permission to do some of the admin jobs by restricted sam (sam -r),
or you can use the sudo utility and have control over their "system administration".


-USA..
Good Luck..
Sachin Patel
Honored Contributor

Re: Root password

Hi Clara,
If I were you I would say no. What is their requirement? Why do they need root access? You can set up sudo or super for it.
If it is a small company with only a few systems I will do it. If it is a big company and lots of different departments are handled by different persons I will not.

Sachin
Is photography a hobby or another way to spend $
Santosh Nair_1
Honored Contributor

Re: Root password

I would say absolutely not. I understand that Oracle needs some scripts run as root when you first install it, but that's a one time thing. The DBAs should be able to do their jobs without root permissions since all the database files are usually owned by the DBA.

Also, it would help if you mentioned which database product they administer.

Hope this helps.

-Santosh
Life is what's happening while you're busy making other plans
James Beamish-White
Trusted Contributor

Re: Root password

This is an excerpt from an Oracle security document by Mike Henderson:

The DBA position, and that of the root user, are trusted positions. It is almost impossible to subdivide the job specifications into roles where no one person can do 'too much' and still perform the role effectively in a commercial environment.

I'm not a DBA, I'm a sysadmin, so I don't know what their role entails that can't be got around by having their sysadmin do file system resizing and kernel tuning, but hey, I'm not the DB expert, Mike Henderson is supposed to be...

Cheers,
James
GARDENOFEDEN> create light
Patrick Wallek
Honored Contributor

Re: Root password

I must echo everyone else's statements.

Do NOT give the DBAs unlimited root access. If they screw something up inadvertently, will they tell you EXACTLY what they did? Probably not. And guess who gets to figure out what happened? :)

Install sudo. You can set sudo up so that they can run only what they absolutely have to, and they don't have the root passwd.

The root passwd should be given to the absolute minimum number of people possible.
linuxfan
Honored Contributor

Re: Root password

Hi Clara,

The simple answer is NO. Most of the time they only need root access to run the root.sh script while installing Oracle; you can set up sudo and give them access to run that script.

The best solution is sudo, rather than giving out root access.

You can find out more about sudo from

http://www.courtesan.com/sudo/

-Regards
Ramesh
They think they know but don't. At least I know I don't know - Socrates
James R. Ferguson
Acclaimed Contributor

Re: Root password

Hi:

I don't provide my DBAs with a root password, either. I've got scripts they can use for things like pfs_mounts and beyond that, I'm happy to assist when they need root access.

Regards!

...JRF...
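The sudo setup recommended in the replies above, sketched as a sudoers fragment. This is an added example, not any poster's own configuration; the group name `dba`, the host names and the script paths are hypothetical placeholders.

```sudoers
# Constructed example: group, hosts and paths below are placeholders.
# Edit with visudo so a syntax error cannot leave sudo unusable.

# Hosts where the DBA group is allowed to use these rules (hypothetical names).
Host_Alias  DBHOSTS = dbhost1, dbhost2

# The definitive list of what the DBAs may run as root.
# List only root-owned copies kept in a root-owned directory: a script the
# DBAs can edit and then run through sudo is equivalent to the root password.
# The trailing "" means the command may only be run with no arguments.
Cmnd_Alias  DBA_ROOT_CMDS = /usr/local/sbin/dba/oracle_root.sh "", \
                            /usr/local/sbin/dba/pfs_mount_wrapper.sh ""

# Ask for the DBA's own password on every invocation instead of caching it.
Defaults:%dba  timestamp_timeout=0

# Members of group dba may run only the listed commands, as root, on DBHOSTS.
# No ALL, no shells, no editors: anything that can spawn a shell defeats the list.
%dba  DBHOSTS = (root) DBA_ROOT_CMDS
```

Each invocation is logged by sudo under the DBA's own login name, which gives the record of who ran what that a shared root password cannot.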
Rainer von Bongartz
Honored Contributor

Re: Root password

root is root and DBA is DBA. That's how it's supposed to be and there should be no need to give away the root password just to admin a database (at least not for ORACLE, INFORMIX or DB2).

He's a real UNIX Man, sitting in his UNIX LAN making all his UNIX plans for nobody ...