by Back to the security subject close to my heart. We have a vendor who have
installed themselves a login and changed the uid to 0 (root). All
dataservers run under this login.
Apart from the fact that this effectively gives them a root login on the
machine, which I really object to, I also take issue with running a database
as the root user.
With several major DBMS this is an absolute no no. Most will not even
install!
I have noticed with a progress database running as a user who is not root,
that when something critical happens on the machine (ie out of memory) the
database shuts down quietly and safely. The converse side is that when
running as root in such a situation it will just keep going and going and
going.
My opinion bluntly is that the database should not be run as root. Does
anyone have other information to support this?
Neil