Intermediate SQL Color Coded SQL, UNIX and Database Essays

29Jan/115

How to become regular ORACLE user when you do NOT know the password

This is a fairly common situation for a DBA: you can always connect as SYSDBA, but sometimes you really need to connect as a regular database user (i.e. to have proper environment for your queries).

If you are root in UNIX, this would be extremely easy to do:

su - <regular user>

Unfortunately, ORACLE does not have an equivalent su command and, even if you are SYS, to connect to any regular database user you need to know its password (which could be a problem).

Still, there is a simple workaround that can be applied here. Essentially, you can save user’s old password, change it to some dummy value and quickly change it back after your connection is established.

While user password hashes are no longer exposed in DBA_USERS view (starting with 11g, I believe), they are still available in SYS.USER$.

Below is the script that does exactly that (full credit goes to Matt Parker who showed me this trick).

define BECOME_USER=&1

COLUMN user_pwd new_value SZ_PWD

SET termout off
SELECT password AS user_pwd FROM USER$ WHERE UPPER(name)='&BECOME_USER';

spool '/tmp/.&BECOME_USER..CHANGE'
prompt SET termout off
prompt CONNECT / AS sysdba
prompt ALTER USER &BECOME_USER IDENTIFIED BY VALUES '&SZ_PWD';;
prompt exit
spool off

ALTER USER &BECOME_USER IDENTIFIED BY TEMPORARY;
CONNECT &BECOME_USER/TEMPORARY
host sqlplus -S /nolog @/tmp/.&BECOME_USER..CHANGE
host rm /tmp/.&BECOME_USER..CHANGE

SET termout ON

SHOW USER

undef BECOME_USER