Red Hat Bugzilla – Bug 804964
Spacewalk is using wrong db users in addition to defined user
Last modified: 2012-11-01 12:23:11 EDT
Description of problem:
When monitoring our spacewalk oracle database we can see that the spacewalk application is connecting with the sys-user in addition to the original defined spacewalk-user.
We see that the application is doing a number of queries using the sys-user, when it should be using the spacewalk-user.
Our configuration only mentions the spacewalk-user, not the sys-user.
Version-Release number of selected component (if applicable):
Cent OS 5
External Oracle 11g Database.
Steps to Reproduce:
1. Use the http-interface, api or sync packages
2. Look at the sessions being initiated in oracle. Some of these will be executed as the sys-user.
Sys user are being used.
sys user should not be used.
Could you attach some of the queries which are run under sys user?
I got this from my DBA:
select host,userid,password,flag,authusr,authpwd, passwordx, authpwdx
How could the Spacewalk machine possibly connect to your database as user sys when it has no way of knowing its password? When you change the password of your sys user, do the selects stop?
I'll check further and get back to you.
Marking as waiting for the info.
Communication lost here.
I assume this is NOTABUG and the queries against link$ were not initiated by Spacewalk, let alone initiated by Spacewalk as sys user.