Oracle Security and Logon

#See pwd file 
strings $ORACLE_HOME/dbs/orapw$ORACLE_SID

#user colt_bck is os dba member but is not pwd file user
#and can connect using 
#sqlplus "/ as sysdba" #os dba member
#sqlplus "colt_bck/colt_bck as sysdba" #os dba member
cat /etc/group | grep dba
dba:x:502:oracle,colt_bck
#COLT_BCK is not pwd file user
select * from v$pwfile_users
-----------
username	sysdba	sysoper	sysasm
SYS	TRUE	TRUE	FALSE

#user afadalti is not os dba member but is pwd file user
grant sysdba to afadalti
select * from v$pwfile_users
-----------
username	sysdba	sysoper	sysasm
SYS	TRUE	TRUE	FALSE
AFADALTI	TRUE	FALSE	FALSE
#AFADALTI can connect using
#sqlplus "afadalti/afadalti as sysdba" #pwd file member

Set and restore user passwords

Save password before:

select 'alter user ' || username || ' identified by values ''' ||  user$.password ||''';' restore_pwd  
from sys.dba_users, sys.user$
where user$.user#=dba_users.user_id
order by username;

Save the result from the statement above

Change user password:
alter user aldo identified by pippo

Restore the previous password using the previous statement:
alter user aldo identified by values '2C08B4B8D5426E46'

Check no users have default pwd
    
select dba_users.username
from DBA_USERS_WITH_DEFPWD, dba_users
where  dba_users.username=DBA_USERS_WITH_DEFPWD.username
and DBA_USERS.account_status = 'OPEN'