本文介绍了如何在Oracle 11g Enterprise Edition中禁止操作系统验证,强制属于dba组的OS用户通过输入sys用户的密码以sysdba权限登录数据库。步骤包括修改sqlnet.ora文件,设置权限,并创建sys口令文件。
本文实验基于以下Oracle数据库版本:
SQL> select * from v$version;
BANNER
--------------------------------------------------------------------------------
Oracle Database 11g Enterprise Edition Release 11.1.0.7.0 - 64bit Production
PL/SQL Release 11.1.0.7.0 - Production
CORE 11.1.0.7.0 Production
TNS for Linux: Version 11.1.0.7.0 - Production
NLSRTL Version 11.1.0.7.0 - Production
SQL>
默认情况下,属于dba组的OS用户,不用输入密码或者输入任何密码都可以sysdba的身份登陆Oracle数据库,如下:
sqlplus / as sysdba
sqlplus sys/anypassword as sysdba
但有时我们需要将OS用户和sys用户分离出来,即属于dba组的OS用户亦需要sys密码才能以sysdba权限登陆数据库,那么我们可以通过如下3步来完成:
1. 禁用操作系统验证
$ cd $TNS_ADMIN
$ echo 'SQLNET.AUTHENTICATION_SERVICES= (NONE)' >> sqlnet.ora
2. 收回sqlnet.ora文件写权限
# chmod 644 $TNS_ADMIN/sqlnet.ora
# chown root.root $TNS_ADMIN/sqlnet.ora
3. 创建sys口令文件,启用sys用户密码
$ cd $ORACLE_HOME/dbs
$ orapwd file=orapw${ORACLE_SID} password=secret entries=5
测试:
[oracle@server1 ~]$ sqlplus sys/secret as sysdba
SQL*Plus: Release 11.1.0.7.0 - Production on Wed Feb 27 13:13:47 2013
Copyright (c) 1982, 2008, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.1.0.7.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> exit
Disconnected from Oracle Database 11g Enterprise Edition Release 11.1.0.7.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
[oracle@server1 ~]$ sqlplus sys/secret1 as sysdba
SQL*Plus: Release 11.1.0.7.0 - Production on Wed Feb 27 13:13:53 2013
Copyright (c) 1982, 2008, Oracle. All rights reserved.
ERROR:
ORA-01017: invalid username/password; logon denied
Enter user-name: ^C
[oracle@server1 ~]$
SQL> select * from v$version;
BANNER
--------------------------------------------------------------------------------
Oracle Database 11g Enterprise Edition Release 11.1.0.7.0 - 64bit Production
PL/SQL Release 11.1.0.7.0 - Production
CORE 11.1.0.7.0 Production
TNS for Linux: Version 11.1.0.7.0 - Production
NLSRTL Version 11.1.0.7.0 - Production
SQL>
默认情况下,属于dba组的OS用户,不用输入密码或者输入任何密码都可以sysdba的身份登陆Oracle数据库,如下:
sqlplus / as sysdba
sqlplus sys/anypassword as sysdba
但有时我们需要将OS用户和sys用户分离出来,即属于dba组的OS用户亦需要sys密码才能以sysdba权限登陆数据库,那么我们可以通过如下3步来完成:
1. 禁用操作系统验证
$ cd $TNS_ADMIN
$ echo 'SQLNET.AUTHENTICATION_SERVICES= (NONE)' >> sqlnet.ora
2. 收回sqlnet.ora文件写权限
# chmod 644 $TNS_ADMIN/sqlnet.ora
# chown root.root $TNS_ADMIN/sqlnet.ora
3. 创建sys口令文件,启用sys用户密码
$ cd $ORACLE_HOME/dbs
$ orapwd file=orapw${ORACLE_SID} password=secret entries=5
测试:
[oracle@server1 ~]$ sqlplus sys/secret as sysdba
SQL*Plus: Release 11.1.0.7.0 - Production on Wed Feb 27 13:13:47 2013
Copyright (c) 1982, 2008, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.1.0.7.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> exit
Disconnected from Oracle Database 11g Enterprise Edition Release 11.1.0.7.0 - 64bit Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
[oracle@server1 ~]$ sqlplus sys/secret1 as sysdba
SQL*Plus: Release 11.1.0.7.0 - Production on Wed Feb 27 13:13:53 2013
Copyright (c) 1982, 2008, Oracle. All rights reserved.
ERROR:
ORA-01017: invalid username/password; logon denied
Enter user-name: ^C
[oracle@server1 ~]$
扫一扫
1881
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
