Re: Cron management...

From: MARK BRINSMEAD <mark.brinsmead_at_gmail.com>
Date: Mon, 13 Apr 2015 01:17:40 -0400
Message-ID: <CAAaXtLCrt-6atLTwK35CkXk64QNia03Qj-7VhjMtCWsL3XeA7g_at_mail.gmail.com>



Mladen,

   Of course I am aware of that. I am also aware that these are questions that *any* responsible system administrator *must* ask. Frankly, I would be deeply concerned if I asked to have a tool like this installed and there were no questions asked.

   I would also be annoyed if my request were unreasonably denied. But asking reasonable questions does not necessarily lead to unreasonable denial. When it does, then you escalate the issue to management.

   As you say, it is ultimately management who decides what runs on corporate equipment. But it is also the responsibility of the system administrators to investigate and to *advise* management regarding what may or may not be safe to run.

On Sun, Apr 12, 2015 at 10:25 PM, Mladen Gogala <dmarc-noreply_at_freelists.org> wrote:

> On 04/12/2015 10:11 PM, MARK BRINSMEAD wrote:
>
>> The sysadmins here are simply being cautious -- as well they should be.
>> I, too, would be concerned about a network service that runs as "root" and
>> can -- by design -- run any command as any user at any time, based on
>> instructions received from a remote server, and I would also want to be
>> convinced of its safety before deploying it.
>>
>
> Mark, you are aware that this argument can apply to any 3rd party
> scheduler, even NetBackup itself? Namely, NetBackup has a part that runs as
> root and executes scripts in /usr/openv/netbackup/bin. What does that mean?
> That you would install no 3rd party scheduler or NetBackup? That also
> applies to ssh. By extension, it applies to OEM. If you enable external
> jobs on the system, the centralized OEM scheduler is designed to execute
> any command that is configured as a batch job.
> Products like OEM, Tidal, Control-M and NetBackup encrypt the
> communication between the different nodes, usually using SSL. Systems like
> that usually accept commands from a single IP address and only if properly
> authorized. Your caution eliminates a whole class of very useful products
> from being installed. I am all for helping the DBA, when there is a DBA
> problem. This is not such a case.
>
>
> --
> Mladen Gogala
> Oracle DBA
> http://mgogala.freehostia.com
>
> --
> http://www.freelists.org/webpage/oracle-l
>
>
>

Received on Mon Apr 13 2015 - 07:17:40 CEST
