Tough question for oracle DBAs/Solaris Admins. Log shipping.

We know that Oracle and SUN/Solaris go together quite well on high end installs. To insure an audit trail for BASEL , HIPPA, Sarbanes Ox and other federal laws, one can ship oracle logs to an offsite server. Yet, how can this guarentee an audit trail, when Solaris does not support immutable files? Immutable files are files where not even root can change/delete/move a file set as immutable.

We know, that an administrator with root access can change the settings in UNIX to have the logs shipped elsewhere and not to the intended offsite server. Maybe /dev/null. If you have a config file set as immutable the admin, even as root cannot change the setting where the log files are sent.

The FreeBSD and OpenBSD have immutable files. When designing ZFS, which is an awesome filesystem, why didn't SUN's engineers have a look at the BSD's and take the concept of immutable files into ZFS? After all, don't FreeBSD and Solaris share a very common lineage? If I were a Solaris FileSystem developer, I'd at least take a look at what the competition is doing when building a next - gen filesystem. I do admit, that this is the only shortfall of ZFS that I can think of but it is kind of significant.

 For the Oracle DBAs, how can you guarentee an audit trail without immutable files? Is there an Oracle solution to this vexing dilema of a system administrator being able to change the file that contains the setting which tells the operating system where to ship the log files? Received on Fri Sep 01 2006 - 14:28:12 CDT