Oracle supports two kinds of accounts: database accounts and operating system accounts. Operating system accounts are authenticated externally by the operating system and are generally preceded with OP$, whereas database accounts are authenticated against the database server. A number of users are created by default when the database is installed; some of these are integral to the correct operation of the database whereas others are simply created because a package has been installed. The most important database login on an Oracle server is the SYS login. SYS is god as far as the database is concerned and can be likened to the root account on UNIX systems or Administrator on Windows. SYS is installed with a default password of CHANGE_ON_INSTALL, although, as of 10g, the user is prompted for a password to assignwhich is good (various components that you install can define default usernames and passwordsAppendix C includes a list of more than 600 default account names and passwords). Another key account is SYSTEM. This is just as powerful as SYS and has a default password of MANAGER. Incidentally, passwords in Oracle are converted to uppercase making them easier to brute force if one can get a hold of the password hashes. Details such as usernames and passwords are stored in the SYS.USER$ table.
SQL> select name,password from sys.user$ where type#=1; NAME PASSWORD ------------------------------ ------------------------------ SYS 2696A092833AFD9F SYSTEM ED58B07310B19002 OUTLN 4A3BA55E08595C81 DIP CE4A36B8E06CA59C DMSYS BFBA5A553FD9E28A DBSNMP E066D214D5421CCC WMSYS 7C9BA362F8314299 EXFSYS 66F4EF5650C20355 ORDSYS 7EFA02EC7EA6B86F ORDPLUGINS 88A2B2C183431F00 SI_INFORMTN_SCHEMA 84B8CBCA4D477FA3 MDSYS 72979A94BAD2AF80 CTXSYS 71E687F036AD56E5 OLAPSYS 3FB8EF9DB538647C WK_TEST 29802572EB547DBF XDB 88D8364765FCE6AF ANONYMOUS anonymous SYSMAN 447B729161192C24 MDDATA DF02A496267DEE66 WKSYS 69ED49EE1851900D WKPROXY B97545C4DD2ABE54 MGMT_VIEW B7A76767C5DB2BFD SCOTT F894844C34402B67 23 rows selected.
Both SYS and SYSTEM are DBA privileged accounts but on a typical system you'll also find at least a few more DBAsnamely MDSYS, CTXSYS, WKSYS, and SYSMAN. You can list all DBAs with the following query:
SQL> select distinct a.name from sys.user$ a, sys.sysauth$ b where a.user#=b.grantee# and b.privilege#=4; NAME ----------------------------- CTXSYS SYS SYSMAN SYSTEM WKSYS
(If you know a bit about Oracle and are wondering why I'm not using the DBA_USERS and DBA_ROLE_PRIVS views, see the last chapter in the Oracle sectionyou can't trust views.)
This is enough on users and roles at the moment. Let's look at how database users are authenticated.