Re: Protecting production from "us"

From: Alfredo Abate <alfredo.abate_at_gmail.com>
Date: Thu, 3 Dec 2015 14:27:56 -0600
Message-ID: <CALrB5poGT2PXc7nuUiKKy4Kq+c+91itk_SHN4WYnAMGgpjadJQ_at_mail.gmail.com>

I like Jeremy's server side control better for the terminal background colors. I'll have to look into that one.

Thanks for that tip.

Alfredo

On Thu, Dec 3, 2015 at 1:05 PM, Jeremy Schneider < jeremy.schneider_at_ardentperf.com> wrote:

> On Thu, Dec 3, 2015 at 11:45 AM, Herring, David <HerringD_at_dnb.com> wrote:
> > · Should we look into some kind of additional controls where
> > commands like "srvctl stop…" cannot be run under our own accounts using
> > "sudo -u oracle" but instead need a different account on production? For
> > example, normally our unfortunate DBA would use his "scapebob" Linux
> account
> > but perhaps to perform a production shutdown he'd need to connect as
> > "scapebob-rw", a new, special account just for dangerous production
> > activities.
>
> I think that I'd be hesitant to introduce too much variation between
> production and test environments when it comes to processes. It's a
> major advantage if you can test your processes in the test tier, then
> run those same processes verbatim (key-for-key) in production
> afterwards.
>
> > · The problem in our situation was over confusion with multiple
> > windows. Do people set a Linux TMOUT to something short like 10 or 15
> > minutes, to hopefully avoid accidentally leaving production putty
> sessions
> > open?
>
> I feel like a short timeout is likely to cause more frustration in the
> trenches than what it's worth, for anyone who spends any significant
> amount of time troubleshooting production systems. Often you have
> multiple windows open and switch between them... an aggressive timeout
> really makes that much more difficult.
>
> > · Beyond changing the linux prompt and text colors (we set $PS1
> with
> > escape sequences and various key, env-specific values) do you do anything
> > else for protection of production?
>
> Personally, I think background color is your best bet. Only difference
> from Alfredo's suggestion would be that I'd prefer having it be
> controlled server-side rather than relying on each engineer to setup
> all their terminal connections correctly. Not to mention that you
> could get the *wrong* bg color if it's client-side and somehow
> somebody ssh's between tiers.
>
> --
> http://about.me/jeremy_schneider
> --
> http://www.freelists.org/webpage/oracle-l
>
>
>

--
http://www.freelists.org/webpage/oracle-l

Received on Thu Dec 03 2015 - 21:27:56 CET

This message: [ Message body ]
Next message: Andrew Kerber: "Re: Single-column vs composite index"
Previous message: Craig Hagan: "Re: Two factor authentication for Oracle Database?"
In reply to: Jeremy Schneider: "Re: Protecting production from "us""
Next in thread: Alfredo Abate: "Re: Protecting production from "us""
Reply: Alfredo Abate: "Re: Protecting production from "us""
Reply: Rumpi Gravenstein: "Re: Protecting production from "us""

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message