Date: Tue, 01 Jul 2008 21:11:58 +0200
From: Kurt Franke <Kurt-Franke@web.de>
To: jkstill@gmail.com, Oracle-L Freelists <oracle-l@freelists.org>
Subject: Re: Sticky bit set on linux password file


Hi Jared,

It's just for security.

On systems where chown is allowed for every user, for security reasons
the setuid bit is always deleted if a file is chowned.
Thus, if a set setuid bit is desired for the password file by the Oracle server
and its use is refused otherwise, no one but root can make a gift of a password file
to the oracle Unix user.

Regards

kf


> While going through an annual sarbox task I noticed that on Linux (maybe unix too)
> the sticky bit is set on the password file.
> 
> [oracle@server before]$ l $OH/dbs/orapworcl
> -rwSr----- 1 oracle oinstall 1536 Oct 30 2007 /u01/app/oracle/product/9.2.0/aglqa/dbs/orapworcl
> 
> The bit is shown as a capital S due to the execute bit not being set.
> 
> There's nothing in ML about it, at least I could not find anything.
> 
> The following test was performed:
> 
> shutdown database
> chmod 640 orapworcl
> startup database
> logon to database remotely as sysdba
> 
> It doesn't appear that the SUID bit serves any purpose.
> 
> Does someone here know why the password file is SUID?
> 
> -- 
> Jared Still
> Certifiable Oracle DBA and Part Time Perl Evangelist
> 
> 


--
http://www.freelists.org/webpage/oracle-l
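
An added example, not part of the original messages: a permission audit that reports regular files carrying a setuid or setgid bit without the matching execute bit, which is the case ls displays as a capital S in the listing quoted above. The function names, the temporary directory and the file names in it are constructed for illustration.

```python
import os
import stat
import tempfile


def find_setid_without_exec(root):
    """Return (path, mode_string, bit) for every regular file under root whose
    setuid/setgid bit is set while the matching execute bit is not."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: report on the entry, never follow symlinks
            mode = st.st_mode
            if not stat.S_ISREG(mode):
                continue
            # setuid without owner execute: ls shows 'S' in the owner triplet
            if mode & stat.S_ISUID and not mode & stat.S_IXUSR:
                findings.append((path, stat.filemode(mode), "setuid"))
            # setgid without group execute: ls shows 'S' in the group triplet
            if mode & stat.S_ISGID and not mode & stat.S_IXGRP:
                findings.append((path, stat.filemode(mode), "setgid"))
    return sorted(findings)


def build_sample_tree():
    """Constructed sample directory: one file with mode 4640 (setuid, no
    execute), one plain 640 file, and one ordinary setuid executable (4750)."""
    root = tempfile.mkdtemp(prefix="dbs_demo_")
    samples = (("orapwdemo", 0o4640), ("initdemo.ora", 0o640), ("tool", 0o4750))
    for name, mode in samples:
        path = os.path.join(root, name)
        with open(path, "wb") as fh:
            fh.write(b"\0" * 16)
        os.chmod(path, mode)  # set the mode after writing; a write can clear setuid
    return root


if __name__ == "__main__":
    for path, mode_string, bit in find_setid_without_exec(build_sample_tree()):
        print(mode_string, bit, path)
```

Only the 4640 file is reported; the 4750 file is a normal setuid executable (lowercase s) and the 640 file has no special bits.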


