Ask the Expert

Tasks that use the OS-level logon ID

We have a number of production environments and are looking at securing the Sybase servers, including all OS-level logon IDs such as "sybase". The operational DBAs insist that they need "sybase" on a daily basis and that having the logon ID available as a firecall is unworkable.

As far as I can tell, the OS-level logon ID "sybase" is only used for the following tasks:

  1. Installation and update/upgrade of the Sybase software
  2. Starting of the database and backup server software after a shutdown (OS or Sybase)
  3. Looking at Sybase's log files (really reaching for this one...)

Are there any other tasks that need the OS-level logon ID to perform as opposed to a generic user account that's a member of the OS-level group "sybase"?



In my opinion it makes sense for DBAs to have local access to the Sybase account. Sybase is almost always created as a local account on the server (as opposed to a NIS account). I believe DBAs need to have access to the Sybase login for a variety of reasons that you mentioned, plus maintaining the cron jobs for Sybase (as opposed to running Sybase crons as root etc.).

To remedy this problem, create a NIS account for each DBA under "his/her login name" as opposed to Sybase. Then your Unix SA can easily set up a "sudo" facility to allow the DBA to access Sybase without knowing the Sybase login password. This should work generally. In the example below, I have a NIS account called 'micht' which allows me access to the host hp3, which has a Sybase data server. I log in as "micht" and then "sudo" to Sybase without knowing the Sybase login password.

login as: micht
micht@hp3's password:
Last successful login for micht: Thu Aug 26 12:04:06 GMT0BST 2004
Last unsuccessful login for micht: Thu Aug 26 20:09:14 GMT0BST 2004 
Last login: Thu Aug 26 12:04:29 2004 from 172.16.113.196

[micht@hp3:/home/micht]$ sudo su - sybase
[sybase@hp3:/opt/sybase]$

This was first published in August 2004
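
A sudoers fragment that would permit the session shown above, as an added example that is not part of the original answer or the expert's own configuration. The alias names, the second login "dba2" and the path /usr/bin/su are assumptions; "micht", "hp3" and "sybase" are taken from the answer.

```sudoers
# Added example. Add to the sudoers file with visudo only, so that a syntax
# error is caught before it can lock everyone out of sudo.

# One personal (NIS) login per DBA. "micht" is the login from the answer;
# "dba2" is a hypothetical second DBA.
User_Alias  SYBASE_DBA   = micht, dba2

# Hosts that run a Sybase data server. "hp3" is the host from the answer.
Host_Alias  SYBASE_HOSTS = hp3

# Exactly the command typed in the session above. Because the arguments are
# listed, "su -" (root) and "su - <any other user>" do not match this rule.
# The path to su is an assumption; check it on the target host.
Cmnd_Alias  SU_SYBASE    = /usr/bin/su - sybase

# sudo prompts for the DBA's own password, never the sybase password, and
# writes the personal login name to its log for every switch to sybase.
SYBASE_DBA  SYBASE_HOSTS = (root) SU_SYBASE

# Optional, on sudo releases that support I/O logging: record the terminal
# session that follows the switch so it can be reviewed with sudoreplay.
Defaults:SYBASE_DBA log_output
```

Running "sudo -l" as the DBA lists the rule that applies to that login, which is a quick check that nothing broader than the switch to sybase was granted.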
