Advanced Oracle Utilities: The Definitive Reference by Rampant
TechPress is written by top Oracle database experts (Bert Scalzo, Donald Burleson, and Steve Callan). The following
is an excerpt from the book.
In UNIX, a user named oracle is
generally created to become the owner of the Oracle software on the UNIX
In addition to the oracle user, other UNIX
users may be created and granted access to certain oracle files on the
server. First on the menu is how UNIX manages user IDs and groups.
Groups are defined in a file
called /etc/group. Each
line of the /etc/group file contains group data separated by a colon
":". This file defines each group and contains the following values:
: members of the group
root> cat /etc/group
Now see how user information is stored inside UNIX.
UNIX user management
UNIX users are controlled by a
special file called /etc/passwd.
This file contains a series of strings
separated by colons ":".
The values are:
: user_nbr :
group_nbr : default
root> cat /etc/passwd
From the above listing, it can be determined that the
oracle user has a encrypted password in /etc/shadow, that they are user
108, and they are in group 102.
The oracle user has /export/home/oracle for a home directory, and
they are using the Korn shell as a default shell.
For some people, the John the Ripper tool, explained later, meets
the definition of a utility. But for the purposes of this book, it
definitely does not.
UNIX passwords on
UNIX passwords are extremely
vulnerable to hacking. Users can
change their passwords by invoking the passwd command.
Note that the listing of /etc/passwd does not contain the
encrypted passwords for the user IDs, and the password column is denoted
with an "x". This indicates
that the system administrator is storing the passwords in another
special file called /etc/shadow.
However, protecting passwords
in a /etc/shadow file is not always enough to ensure security.
Several tools such as John the Ripper can be used to easily crack
into these UNIX files, stealing access to the Oracle server and all
database data. To learn how
to protect a UNIX password from hacking, see the UNIX password cracker