Re: Sticky bit set on linux password file

From: Kurt Franke <Kurt-Franke_at_web.de>
Date: Tue, 01 Jul 2008 21:11:58 +0200
Message-Id: <1017609676@web.de>

Hi Jared,

It's just for security.

On systems where chown is allowed for every user, for security reasons the setuid bit is always deleted if a file is chowned. Thus, if a set setuid bit is desired for the password file by the Oracle server and its use is refused otherwise, no one but root can make a password file gift to the oracle Unix user.

Regards

kf

> While going through an annual sarbox task I noticed that on Linux (maybe Unix too)
> the sticky bit is set on the password file.
>
> [oracle_at_server before]$ l $OH/dbs/orapworcl
> -rwSr----- 1 oracle oinstall 1536 Oct 30 2007 /u01/app/oracle/product/9.2.0/aglqa/dbs/orapworcl
>
> The bit is shown as a capital S due to the execute bit not being set.
>
> There's nothing in ML about it, at least I could not find anything.
>
> The following test was performed:
>
> shutdown database
> chmod 640 orapworcl
> startup database
> logon to database remotely as sysdba
>
> It doesn't appear that the SUID bit serves any purpose.
>
> Does someone here know why the password file is SUID?
>
> --
> Jared Still
> Certifiable Oracle DBA and Part Time Perl Evangelist
>
>

--
http://www.freelists.org/webpage/oracle-l
Received on Tue Jul 01 2008 - 14:11:58 CDT
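
Added example, not part of the original thread or of Oracle's tooling: a shell sketch of the two behaviours discussed above, the capital `S` that `ls` prints for a setuid bit without owner execute, and the setuid bit being dropped when the file is chowned. It assumes Linux and a writable temp directory; the function names and the scratch files are constructed for illustration.

```shell
#!/bin/sh
# Added illustration; works on scratch files only, never on a real orapw file.

# Print the 10-character ls mode string for a file (e.g. -rwSr-----).
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Create a scratch file with the mode seen in the thread (4640), chown it
# to the current user, and report the mode before and after the chown.
# Output format: "<before> <after>"
suid_chown_demo() {
    f=$(mktemp) || return 1
    chmod 4640 "$f"            # setuid + rw-r-----, no execute bit
    before=$(mode_of "$f")     # setuid without owner x is shown as capital S
    chown "$(id -u)" "$f"      # owner stays the same, but it is still a chown(2) call
    after=$(mode_of "$f")      # Linux drops setuid on chown of a regular file
    rm -f "$f"
    echo "$before $after"
}

# Audit helper: list regular files under a directory that carry setuid
# but no owner execute bit (the "capital S" case from the thread).
find_capital_s() {
    find "$1" -type f -perm -4000 ! -perm -0100 2>/dev/null
}

suid_chown_demo
```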
