Re: Oracle ASM without root account

From: Guillermo Alan Bort <cicciuxdba_at_gmail.com>
Date: Thu, 22 Sep 2011 10:41:45 -0300
Message-ID: <CAJ2dSGRA5vt7uTq6jbaMW_HrgSiEDirtYvZM=6aE8r9v7fMgtA_at_mail.gmail.com>

root permissions are only required at install time provided that the OS admin knows how to properly present the disks (which is a safe assumption)

on linux, when using asmlib there are a few more tasks that need root access (oracleasm scandisk, mainly) but these are not common tasks and can be performed by sys admins upon request.

In our prod environments we don't have root access as DBA and several of them use ASM. of course, production is not "productive" at install time so in that period we have sudo ALL and after we are done with the CRS/DB install the unix/security team hardens the OS. Upgrades are a bit trickier and we usually have a sys admin online who runs the root commands (root.sh, mainly).

So, it's not a matter of technology it's a matter of your company's security policies and the IT Security department's willingness to find solutions to real problems or insistence on applying policies to the letter.

to your question

"is it possible to *USE* asm without root access?" YES, you only need a user with the correct group (which is defined at install time) "it would be good not to use root account to maintain ASM configuration" Well, that's a different story. If you have r/w access to the disks, which must be presented to the server by the storage admin and properly configured by the system admin, then you don't really need root access to do anything.

hth
Alan.-

On Thu, Sep 22, 2011 at 8:04 AM, Marcin Przepiorowski <pioro1_at_gmail.com> wrote:
> 2011/9/22 �<przemolicc_at_poczta.fm>:
>> Hello,
>>
>> is it possible to use ASM without root access under AIX ?
>> We are testing this configuration but in production it would be good
>> to not use root account to maintain ASM configuration.
>>
>
> Hi,
>
> What do you mean by ASM configuration ?
> ASM instance is similar to database instance and every user with
> sysasm (in 11.2) or sysdba (in 11.1 and 10g) can change any parameter
> in ASM instance or disk/group configuration.
>
> You will need root account to change physical disk permissions.
>
> regards,
> --
> Marcin Przepiorowski
> http://oracleprof.blogspot.com
> --
> http://www.freelists.org/webpage/oracle-l
>
>
>

--
http://www.freelists.org/webpage/oracle-l

Received on Thu Sep 22 2011 - 08:41:45 CDT

This message: [ Message body ]
Next message: mohammed bhatti: "Oracle RAC 11gR2 and Linux Version"
Previous message: Peter Hitchman: "Re: Timestamp used for messages in alert log after machine timezone change"
In reply to: Marcin Przepiorowski: "Re: Oracle ASM without root account"
Next in thread: przemolicc_at_poczta.fm: "Re: Oracle ASM without root account"
Reply: przemolicc_at_poczta.fm: "Re: Oracle ASM without root account"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message