
Re: Oracle instance startup user on Unix

From: Paul Drake <bdbafh_at_gmail.com>
Date: Wed, 13 Jul 2005 12:10:30 -0400
Message-ID: <910046b405071309106af3abd6@mail.gmail.com>


On 7/13/05, RSL <rob.langmuir_at_joking.plus.com> wrote:
> We have a third-party application, which, as part of the installation process,
> uses its own Unix account to create/startup Oracle database/instance. They
> also want to start a listener with this account.
>
> In the future we plan to add our own instances/databases, and these will all
> be started/created using Oracle account.
>
>
> I don't much like the idea of having two separate unix accounts involved in
> creating database(s) and starting instances.
>
> Although there is no practical reason why this can't be done, can you please
> offer any reasons why you wouldn't/shouldn't do this.
>
> Thanks..../Bob

Bob,

Since you are supporting multiple databases on a single server, I highly recommend the use of different accounts owning different databases and their filesystems so that privilege separation can be used. In this matter, a cloning exercise of a test database from production can be carried out under the credentials of an account that has read permissions on the backup staging directory (user-managed "hot" backup) and its archived redo logs - without the ability to write to the filesystems of the production databases.

Have you ever heard of a dba running a CREATE CONTROLFILE script for a test database that was edited less than perfectly ... overwriting the production database's datafiles?
With privilege separation using separate accounts, this is not possible.

It's tempting to connect as an account that has dba privs on all databases ... and one might not ever make a mistake that privilege separation could have prevented. I can tell you that it saved my behind on one occasion - and it would have prevented me from trashing a datafile of a production database when I was in a hurry (and was sloppy). That happened once and will not happen again.

Paul

--
http://www.freelists.org/webpage/oracle-l
Received on Wed Jul 13 2005 - 11:14:16 CDT
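As an added illustration (not part of the original thread, and not Oracle's or the list's code), the following Python script shows the kind of preflight check that guards against the exact mishap Paul describes: a CREATE CONTROLFILE script for a test database that still references a production datafile path. Separate Unix accounts are the real safeguard, because the test account simply cannot write the production files; this static check is a cheap second layer that runs before the script is ever handed to SQL*Plus. The sample script, the `/u01/oradata/TEST` and `/u01/oradata/PROD` roots, and the stray `PROD` datafile line are all constructed for the example.

```python
import re
from pathlib import PurePosixPath

# Constructed CREATE CONTROLFILE script modelled on the scenario in the thread:
# an edited "test" script in which one DATAFILE entry still points at the
# production database's file. The paths and names are made up for this example.
SAMPLE_SCRIPT = """
CREATE CONTROLFILE REUSE SET DATABASE "TEST" RESETLOGS NOARCHIVELOG
    MAXLOGFILES 16
LOGFILE
  GROUP 1 '/u01/oradata/TEST/redo01.log' SIZE 50M,
  GROUP 2 '/u01/oradata/TEST/redo02.log' SIZE 50M
DATAFILE
  '/u01/oradata/TEST/system01.dbf',
  '/u01/oradata/TEST/sysaux01.dbf',
  '/u01/oradata/PROD/users01.dbf'
CHARACTER SET WE8ISO8859P1;
"""

# Single-quoted absolute paths are how datafiles and redo logs appear in the script.
PATH_RE = re.compile(r"'(/[^']+)'")
# SET DATABASE "NAME" (or unquoted NAME) identifies the target database.
DBNAME_RE = re.compile(r'SET\s+DATABASE\s+"?(\w+)"?', re.IGNORECASE)


def extract_paths(script):
    """Return every quoted absolute path (datafiles and redo logs) in the script."""
    return PATH_RE.findall(script)


def extract_db_name(script):
    """Return the database name named by SET DATABASE, or None if absent."""
    m = DBNAME_RE.search(script)
    return m.group(1).upper() if m else None


def check_script_paths(script, allowed_root, forbidden_roots):
    """Return a list of (path, reason) for every path that must not be touched.

    A path is flagged if it lies under any production root (the dangerous case)
    or if it lies outside the root reserved for this database (suspicious edit).
    """
    allowed = PurePosixPath(allowed_root)
    forbidden = [PurePosixPath(r) for r in forbidden_roots]
    problems = []
    for p in extract_paths(script):
        pp = PurePosixPath(p)
        if any(pp.is_relative_to(f) for f in forbidden):
            problems.append((p, "under production root"))
        elif not pp.is_relative_to(allowed):
            problems.append((p, "outside allowed root"))
    return problems


def preflight(script, expected_db, allowed_root, forbidden_roots):
    """Return True only if the script names the expected database and every
    path stays inside that database's own filesystem."""
    if extract_db_name(script) != expected_db.upper():
        return False
    return not check_script_paths(script, allowed_root, forbidden_roots)


if __name__ == "__main__":
    ok = preflight(SAMPLE_SCRIPT, "TEST", "/u01/oradata/TEST", ["/u01/oradata/PROD"])
    print("safe to run" if ok else "REFUSING: script references files outside TEST")
    for path, reason in check_script_paths(
        SAMPLE_SCRIPT, "/u01/oradata/TEST", ["/u01/oradata/PROD"]
    ):
        print(f"  {path}: {reason}")
```

The check is deliberately path-based rather than permission-based: it must say no before anything runs, even when the account executing it happens to own both sets of files. Where the accounts are separated as Paul recommends, the flagged write would fail anyway; this script just turns that failure into a clear message before the controlfile is rebuilt.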
