Re: Cron management...

From: Mladen Gogala <mgogala_at_yahoo.com>
Date: Sun, 12 Apr 2015 22:25:44 -0400
Message-ID: <552B2928.5050407_at_yahoo.com>

On 04/12/2015 10:11 PM, MARK BRINSMEAD wrote:
> The sysadmins here are simply being cautious -- as well they should
> be. I, too, would be concerned about a network service that runs as
> "root" and can -- by design -- run any command as any user at any
> time, based on instructions received from a remote server, and I would
> also want to be convinced of its safety before deploying it.

Mark, you are aware that this argument can apply to any 3rd party scheduler, even NetBackup itself? Namely, NetBackup has a part that runs as root and executes scripts in /usr/openv/netbackup/bin. What does that mean? That you would install no 3rd party scheduler or NetBackup? That also applies to ssh. By extension, it applies to OEM. If you enable external jobs on the system, the centralized OEM scheduler is designed to execute any command that is configured as a batch job. Products like OEM, Tidal, Control-M and NetBackup encrypt the communication between the different nodes, usually using SSL. Systems like that usually accept commands from a single IP address and only if properly authorized. Your caution eliminates a whole class of very useful products from being installed. I am all for helping the DBA, when there is a DBA problem. This is not such case.

-- 
Mladen Gogala
Oracle DBA
http://mgogala.freehostia.com

--
http://www.freelists.org/webpage/oracle-l

Received on Mon Apr 13 2015 - 04:25:44 CEST

This message: [ Message body ]
Next message: MARK BRINSMEAD: "Re: Cron management..."
Previous message: Mladen Gogala: "Re: Cron management..."
In reply to: MARK BRINSMEAD: "Re: Cron management..."
Next in thread: MARK BRINSMEAD: "Re: Cron management..."
Reply: MARK BRINSMEAD: "Re: Cron management..."

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message