Oracle 10g实例搜索密码文件时默认是搜索$ORACLE_HOME/dbs目录下面的orapw$ORACLE_SID文件,当orapw$ORACLE_SID文件不存在时,则搜索orapw文件,该密码文件主要存放了sysdba,sysoper权限的用户的密码,并以密文的形式保存在密码文件中。
如
[oracle@dbsvr dbs]$ strings orapwzhoul
]\[Z
ORACLE Remote Password file
INTERNAL
AB27B53EDC5FEF41
8A8F025737A9097A
ZHOUL
2026035BE31C0322
但奇怪的是,当我对zhoul用户收回sysdba权限时,该用户还是在密码文件中保存,并用strings命令查看内容似乎“没变”
[oracle@dbsvr dbs]$ strings orapwzhoul
]\[Z
ORACLE Remote Password file
INTERNAL
AB27B53EDC5FEF41
8A8F025737A9097A
ZHOUL
2026035BE31C0322
通过研究发现,Oracle存在一张 X$KZSRT,[K]ernel [Z]ecurity layer [S]ecurity for [R]emote logins remote Password File [T]able entries用于存放sysdba,sysoper权限的用户,而进一步研究发现
SQL> alter system flush buffer_cache;
System altered.
SQL> alter system flush shared_pool;
System altered.
SQL> ALTER SESSION SET EVENTS '10046 trace name context forever, level 12';
Session altered.
SQL> select * from x$kzsrt;
ADDR INDX INST_ID USERNAME SYSDBA SYSOPER VALID
-------- ---------- ---------- --------------- ---------- ---------- ----------
B7327B1C 0 1 INTERNAL 1 1 1
B7327B1C 1 1 SYS 1 1 1
B7327B1C 2 1 ZHOUL 1 0 [color=red] 0[/color]
SQL> ALTER SESSION SET EVENTS '10046 trace name context off';
Session altered.
获取跟踪文件
PARSING IN CURSOR #11 len=21 dep=0 uid=0 oct=3 lid=0 tim=1289695332968015 hv=3270369302 ad='2e3157f0'
select * from x$kzsrt
END OF STMT
PARSE #11:c=19998,e=18975,p=2,cr=17,cu=0,mis=1,r=0,dep=0,og=1,tim=1289695332968008
BINDS #11:
EXEC #11:c=0,e=69,p=0,cr=0,cu=0,mis=0,r=0,dep=0,og=1,tim=1289695332968140
WAIT #11: nam='SQL*Net message to client' ela= 4 driver id=1650815232 #bytes=1 p3=0 obj#=4586 tim=1289695332968191
FETCH #11:c=1000,e=955,p=0,cr=0,cu=0,mis=0,r=1,dep=0,og=1,tim=1289695332969765
WAIT #11: nam='SQL*Net message from client' ela= 2901 driver id=1650815232 #bytes=1 p3=0 obj#=4586 tim=1289695332972817
WAIT #11: nam='SQL*Net message to client' ela= 3 driver id=1650815232 #bytes=1 p3=0 obj#=4586 tim=1289695332972892
FETCH #11:c=0,e=43,p=0,cr=0,cu=0,mis=0,r=1,dep=0,og=1,tim=1289695332972918
*** 2011-11-07 01:40:26.244
WAIT #11: nam='SQL*Net message from client' ela= 5156056 driver id=1650815232 #bytes=1 p3=0 obj#=4586 tim=1289695338129047
STAT #11 id=1 cnt=2 pid=0 pos=1 obj=0 op='FIXED TABLE FULL X$KZSRT (cr=0 pr=0 pw=0 time=403 us)'
可以看到我们查看x$kzsrt就是直接读取密码文件,而对用户回收sysdba权限并没有在密码文件中删除,而只是修改了状态位而已,status从1改为0。
如
[oracle@dbsvr dbs]$ strings orapwzhoul
]\[Z
ORACLE Remote Password file
INTERNAL
AB27B53EDC5FEF41
8A8F025737A9097A
ZHOUL
2026035BE31C0322
但奇怪的是,当我对zhoul用户收回sysdba权限时,该用户还是在密码文件中保存,并用strings命令查看内容似乎“没变”
[oracle@dbsvr dbs]$ strings orapwzhoul
]\[Z
ORACLE Remote Password file
INTERNAL
AB27B53EDC5FEF41
8A8F025737A9097A
ZHOUL
2026035BE31C0322
通过研究发现,Oracle存在一张 X$KZSRT,[K]ernel [Z]ecurity layer [S]ecurity for [R]emote logins remote Password File [T]able entries用于存放sysdba,sysoper权限的用户,而进一步研究发现
SQL> alter system flush buffer_cache;
System altered.
SQL> alter system flush shared_pool;
System altered.
SQL> ALTER SESSION SET EVENTS '10046 trace name context forever, level 12';
Session altered.
SQL> select * from x$kzsrt;
ADDR INDX INST_ID USERNAME SYSDBA SYSOPER VALID
-------- ---------- ---------- --------------- ---------- ---------- ----------
B7327B1C 0 1 INTERNAL 1 1 1
B7327B1C 1 1 SYS 1 1 1
B7327B1C 2 1 ZHOUL 1 0 [color=red] 0[/color]
SQL> ALTER SESSION SET EVENTS '10046 trace name context off';
Session altered.
获取跟踪文件
PARSING IN CURSOR #11 len=21 dep=0 uid=0 oct=3 lid=0 tim=1289695332968015 hv=3270369302 ad='2e3157f0'
select * from x$kzsrt
END OF STMT
PARSE #11:c=19998,e=18975,p=2,cr=17,cu=0,mis=1,r=0,dep=0,og=1,tim=1289695332968008
BINDS #11:
EXEC #11:c=0,e=69,p=0,cr=0,cu=0,mis=0,r=0,dep=0,og=1,tim=1289695332968140
WAIT #11: nam='SQL*Net message to client' ela= 4 driver id=1650815232 #bytes=1 p3=0 obj#=4586 tim=1289695332968191
FETCH #11:c=1000,e=955,p=0,cr=0,cu=0,mis=0,r=1,dep=0,og=1,tim=1289695332969765
WAIT #11: nam='SQL*Net message from client' ela= 2901 driver id=1650815232 #bytes=1 p3=0 obj#=4586 tim=1289695332972817
WAIT #11: nam='SQL*Net message to client' ela= 3 driver id=1650815232 #bytes=1 p3=0 obj#=4586 tim=1289695332972892
FETCH #11:c=0,e=43,p=0,cr=0,cu=0,mis=0,r=1,dep=0,og=1,tim=1289695332972918
*** 2011-11-07 01:40:26.244
WAIT #11: nam='SQL*Net message from client' ela= 5156056 driver id=1650815232 #bytes=1 p3=0 obj#=4586 tim=1289695338129047
STAT #11 id=1 cnt=2 pid=0 pos=1 obj=0 op='FIXED TABLE FULL X$KZSRT (cr=0 pr=0 pw=0 time=403 us)'
可以看到我们查看x$kzsrt就是直接读取密码文件,而对用户回收sysdba权限并没有在密码文件中删除,而只是修改了状态位而已,status从1改为0。
1万+
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
