Re: limiting access
From: Stefan Knecht <knecht.stefan_at_gmail.com>
Date: Sat, 30 May 2015 05:12:07 +0700
Message-ID: <CAP50yQ-Ki91_TEWv80LK_M7gEz8a6SL7+0OMDGr+fUNvabZ3oQ_at_mail.gmail.com>
To add to what Jared has already said, perhaps even use a set of scripts to enable very specific functionality via sudo, instead of granting access to all functions of e.g. srvctl, crsctl, etc... On May 29, 2015 9:53 PM, "Jared Still" <jkstill_at_gmail.com> wrote:
Date: Sat, 30 May 2015 05:12:07 +0700
Message-ID: <CAP50yQ-Ki91_TEWv80LK_M7gEz8a6SL7+0OMDGr+fUNvabZ3oQ_at_mail.gmail.com>
To add to what Jared has already said, perhaps even use a set of scripts to enable very specific functionality via sudo, instead of granting access to all functions of e.g. srvctl, crsctl, etc... On May 29, 2015 9:53 PM, "Jared Still" <jkstill_at_gmail.com> wrote:
>
> On Fri, May 29, 2015 at 7:38 AM, Chris King <ckaj111_at_yahoo.ca> wrote:
>
>> What would you recommend as an overall method of granting the least
>> possible privileges on the linux side? For instance, to restart dbconsole
>> will require login as oracle, which I'd rather avoid giving away, but not
>> sure that's possible.
>>
>
> If the number of commands they need to run as oracle is limited, don't
> give them the oracle login, setup sudo instead.
>
>
> Jared Still
> Certifiable Oracle DBA and Part Time Perl Evangelist
> Principal Consultant at Pythian
> Pythian Blog http://www.pythian.com/blog/author/still/
> Oracle Blog: http://jkstill.blogspot.com
> Home Page: http://jaredstill.com
>
-- http://www.freelists.org/webpage/oracle-lReceived on Sat May 30 2015 - 00:12:07 CEST