Re: Question regarding sudo equivalents

From: Fernando N. de Souza <fnantes_at_gmail.com>
Date: Thu, 16 Jun 2016 09:25:15 -0400
Message-ID: <CAGPSa2OqeP7CbBgT0PmxrAQ33eXyBoWsWYdAcKZzajx1-0bqPQ_at_mail.gmail.com>





Peter,

All our db servers run on Solaris. Our sysadmins configured the oracle user as a role (RBAC) and granted the DBAs the ability to type "su - oracle" in order to log in as oracle. That was how we did it, until we went to OEM 12c and needed to do things like patching and other tasks that require agent authentication. OEM does not support authenticating into the oracle user when it is configured as a role. After some back and forth with the sysadmins and a decree from management, sudo was installed on all Solaris servers.

In our case, it would be very helpful if OEM supported authentication and privilege delegation to an oracle user configured as a role. It would eliminate the need to install sudo on our Solaris servers. I'm a big fan of sudo, but it's not needed in our environment because Solaris RBAC provides the same functionality.

According to the sysadmins, RBAC accounts have advantages like preventing remote connections directly into the oracle account, better auditing, etc. But I'm not a sysadmin and can't give many details on that.

I hope it helps.

--
Fernando.

To educate a man in mind and not in morals is to educate a menace to
society.
Theodore Roosevelt


On Mon, Jun 13, 2016 at 7:08 PM, Peter Sharman <pete.sharman_at_oracle.com>
wrote:


> Folks
>
>
>
> Got a question for you which you can answer on or off-list depending on
> your preferences - that is, if you want to answer at all! :)
>
>
>
> If you need secured access to root (i.e. sudo-like functionality) what are
> you using to get that access? The reason I’m asking is because I was on a
> call with a customer this morning and they said sudo was old hat and no-one
> in their industry uses it any more. Now that’s the first I’ve heard of
> that, as just about every customer I’ve dealt with apart from this
> particular customer is using sudo quite happily. I occasionally run across
> PowerBroker, but that’s about it. I’d be interested to find what people
> are using, particularly since Enterprise Manager supports sudo or
> PowerBroker to get this functionality, and if people are moving away from
> that we need to look at broadening what we support in the product.
>
>
>
> Thanks!
>
>
>
> Pete
>
> Pete Sharman
> Database Architect, DBaaS / DBLM
> Enterprise Manager Product Suite
> 33 Benson Crescent CALWELL ACT 2905 AUSTRALIA
>
> Phone: +61262924095 | Mobile: +61414443449
> Email: pete.sharman_at_oracle.com Twitter: _at_SharmanPete LinkedIn:
> au.linkedin.com/in/petesharman
> Website: petewhodidnottweet.com
> ------------------------------
>
> "Controlling developers is like herding cats."
>
> Kevin Loney, Oracle DBA Handbook
>
>
>
> "Oh no, it's not, it's much harder than that!"
>
> Bruce Pihlamae, long term Oracle DBA
> ------------------------------
>
>
>


-- http://www.freelists.org/webpage/oracle-l


Received on Thu Jun 16 2016 - 15:25:15 CEST
