Q

Tasks that use the OS-level logon ID

We have a number of production environments and are looking at securing the Sybase servers, including all OS-level logon IDs such as "sybase". The operational DBAs insist that they need "sybase" on a daily basis and that having the logon ID available as a firecall is unworkable.

As far as I can tell, the OS-level logon ID "sybase" is only used for the following tasks:

  1. Installation and update/upgrade of the Sybase software
  2. Starting of the database and backup server software after a shutdown (OS or Sybase)
  3. Looking at Sybase's log files (really reaching for this one...)

Are there any other tasks that need the OS-level logon ID to perform as opposed to a generic user account that's a member of the OS-level group "sybase"?


In my opinion it makes sense for DBAs to have local access to the Sybase account. Sybase is almost always created as a local account on the server (as opposed to a NIS account). I believe DBAs need to have access to the Sybase login for a variety of reasons that you mentioned, plus maintaining the cron jobs for Sybase (as opposed to running Sybase crons as root, etc.).

To remedy this problem, create a NIS account for each DBA under "his/her login name" as opposed to Sybase. Then your Unix SA can easily set up a "sudo" facility to allow the DBA to access Sybase without knowing the Sybase login password. This should work generally. In the example below, I have a NIS account called 'micht' which allows me access to the host hp3, which has a Sybase data server. I log in as "micht" and then "sudo" to Sybase without knowing the Sybase login password.

login as: micht
micht@hp3's password:
Last successful login for micht: Thu Aug 26 12:04:06 GMT0BST 2004
Last unsuccessful login for micht: Thu Aug 26 20:09:14 GMT0BST 2004 
Last login: Thu Aug 26 12:04:29 2004 from 172.16.113.196

[micht@hp3:/home/micht]$ sudo su - sybase
[sybase@hp3:/opt/sybase]$

This was last published in August 2004
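
A sudoers entry that would permit the session shown in the answer, given here as an added example that is not part of the original answer. The user 'micht' and host 'hp3' come from that session; the file location, the path to su, the log file path and the alias names are assumptions to adapt to the host.

```sudoers
# Constructed example. Assumed location: /etc/sudoers.d/sybase-dba
# (requires the main sudoers file to include that directory).
# Always edit with visudo so a syntax error cannot lock out sudo:
#   visudo -f /etc/sudoers.d/sybase-dba

# One entry per DBA's personal login; nobody logs in as "sybase" directly.
User_Alias  SYBASE_DBAS  = micht
Host_Alias  SYBASE_HOSTS = hp3

# Record every invocation in a dedicated log (assumed path) so work done
# under the shared "sybase" ID traces back to a named DBA.
Defaults:SYBASE_DBAS  logfile=/var/log/sudo-sybase.log, log_year

# Option A: exactly the command in the session above, "sudo su - sybase".
# The DBA authenticates with his/her own password, never the sybase one.
# The absolute path to su is an assumption; check it on the host.
# Arguments are matched literally, so "su - root" is not permitted.
SYBASE_DBAS  SYBASE_HOSTS = (root) /usr/bin/su - sybase

# Option B (alternative to A): run commands as sybase without passing
# through root at all. Invoked as "sudo -u sybase -i" for a login shell,
# or "sudo -u sybase <command>" for a single command.
# SYBASE_DBAS  SYBASE_HOSTS = (sybase) ALL
```

With either option in place, the sybase account's own password can be locked or held in escrow, since the DBAs no longer need it for daily work.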
