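The SYS user of an Oracle database is the "God"-level account and can do practically anything. By default, SYS can log in to the database only in the privileged "sysdba" mode. This article shows how to let SYS log in to the database as an ordinary user.
1. By default, SYS cannot log in to the database as an ordinary user
1) Try to log in with the sqlplus command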
ora10g@secdb /home/oracle$ sqlplus sys/oracle
SQL*Plus: Release 10.2.0.1.0 - Production on Fri May 27 21:26:27 2011
Copyright (c) 1982, 2005, Oracle. All rights reserved.
ERROR:
ORA-28009: connection as SYS should be as SYSDBA or SYSOPER
Enter user-name:
The connection is refused.
2) Try to log in with the connect command
sys@ora10g> connect sys/oracle
ERROR:
ORA-28009: connection as SYS should be as SYSDBA or SYSOPER
Warning: You are no longer connected to ORACLE.
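The connection is refused.
So by default, SYS cannot log in to the database as an ordinary user.
2. How to lift this restriction: change the O7_DICTIONARY_ACCESSIBILITY parameter from its original value "FALSE" to "TRUE"
1) Check the default value of O7_DICTIONARY_ACCESSIBILITY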
sys@ora10g> show parameter O7_DICTIONARY_ACCESSIBILITY
NAME TYPE VALUE
---------------------------------- -------------------- -------------
O7_DICTIONARY_ACCESSIBILITY boolean FALSE
2) Set O7_DICTIONARY_ACCESSIBILITY to "TRUE"
sys@ora10g> alter system set O7_DICTIONARY_ACCESSIBILITY=true scope=spfile;
System altered.
3) Restart the database so that the parameter change takes effect
sys@ora10g> startup force;
ORACLE instance started.
Total System Global Area 419430400 bytes
Fixed Size 1219784 bytes
Variable Size 96469816 bytes
Database Buffers 314572800 bytes
Redo Buffers 7168000 bytes
Database mounted.
Database opened.
4) Confirm the new parameter value
sys@ora10g> show parameter O7_DICTIONARY_ACCESSIBILITY
NAME TYPE VALUE
---------------------------------- -------------------- -------------
O7_DICTIONARY_ACCESSIBILITY boolean TRUE
3. Test whether SYS can now log in to the database as an ordinary user
1) Try to log in with the sqlplus command
ora10g@secdb /home/oracle$ sqlplus sys/oracle
SQL*Plus: Release 10.2.0.1.0 - Production on Fri May 27 21:44:59 2011
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
sys@ora10g>
2) Try to log in with the connect command
sys@ora10g> connect sys/oracle
Connected.
sys@ora10g> show user;
USER is "SYS"
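At this point SYS can log in to the database as an ordinary user.
4. Privilege limits when SYS logs in as an ordinary user
Although SYS can now log in as an ordinary user, a session opened this way does not carry the sysdba privilege, so it cannot shut the database down. While the database is shut down, this kind of login cannot connect at all, so it cannot start the database either. Startup and shutdown both require a privileged login.
1) Try to shut down the database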
sys@ora10g> shutdown immediate;
ORA-01031: insufficient privileges
The session reports insufficient privileges.
2) Try to connect after the database has been shut down
sys@ora10g> conn / as sysdba
Connected.
sys@ora10g> shutdown immediate;
Database closed.
Database dismounted.
ORACLE instance shut down.
sys@ora10g> conn sys/oracle
ERROR:
ORA-01034: ORACLE not available
ORA-27101: shared memory realm does not exist
Linux Error: 2: No such file or directory
Warning: You are no longer connected to ORACLE.
sys@ora10g> exit
ora10g@secdb /home/oracle$ sqlplus sys/oracle
SQL*Plus: Release 10.2.0.1.0 - Production on Fri May 27 21:50:18 2011
Copyright (c) 1982, 2005, Oracle. All rights reserved.
ERROR:
ORA-01034: ORACLE not available
ORA-27101: shared memory realm does not exist
Linux Error: 2: No such file or directory
Enter user-name:
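Because the connection cannot be established, the database cannot be started: this login is an ordinary-user login.
5. Summary
As the whole walkthrough shows, there is very little need for this change. It is presented only as a demonstration that it can be done.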
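An audit check for the change made in section 2, added here as an example and not part of the original post: it compares the running value of the parameter with the value stored in the spfile, lists the grantees whose privileges are widened while the parameter is TRUE, and restores the default. It assumes a privileged SQL*Plus session such as the "conn / as sysdba" login used above.

```sql
-- Added audit example (not from the original post).
-- Run in SQL*Plus from a privileged session, e.g. "conn / as sysdba".

-- 1. Value the running instance is using. The post changed the parameter
--    with scope=spfile, so this stays FALSE until the instance restarts.
SELECT name, value, isdefault
  FROM v$parameter
 WHERE UPPER(name) = 'O7_DICTIONARY_ACCESSIBILITY';

-- 2. Value stored in the spfile, i.e. what the next startup will apply.
--    TRUE here with FALSE in query 1 means a change is pending a restart.
SELECT sid, name, value, isspecified
  FROM v$spparameter
 WHERE UPPER(name) = 'O7_DICTIONARY_ACCESSIBILITY';

-- 3. Oracle documents that with the parameter TRUE, "ANY" system
--    privileges (SELECT ANY TABLE, EXECUTE ANY PROCEDURE, ...) also apply
--    to objects in the SYS schema. Review who holds such privileges.
SELECT grantee, privilege, admin_option
  FROM dba_sys_privs
 WHERE privilege LIKE '% ANY %'
 ORDER BY grantee, privilege;

-- 4. Restore the default. Like the change in section 2, this is written
--    to the spfile and takes effect only after the instance is restarted.
ALTER SYSTEM SET O7_DICTIONARY_ACCESSIBILITY = FALSE SCOPE = SPFILE;
```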
Good luck.
secooler
11.06.04
-- The End --