
Re: svrmgrl privileges

From: L120bj <l120bj_at_aol.com>
Date: 1997/03/13
Message-ID: <19970313213201.QAA22437@ladder01.news.aol.com>#1/1

If I remember rightly, /etc/group only stores users' secondary groups, not their primary groups; this is held in /etc/passwd. If you log on as oracle and type
id
does it show you as being part of the dba group? If so, then that is why oracle can still execute svrmgr when the group execute permission is set. You can change a user's primary group, but I would not recommend it for the oracle user, since I'm sure the documentation states that oracle must be a member of the dba group.




Subject: svrmgrl privileges
From: Coburn Watson <cpw_at_slip.net>
Date: Wed, 12 Mar 1997 11:20:34 -0800
Message-ID: <33270202.794B_at_slip.net>

I have two instances running on a single (Irix) server. Since certain select users have access to the oracle software owner password, I would like to remove their ability to access either db through svrmgr (connecting as internal). I have changed the owner of svrmgr to a different user than the oracle software owner, and the group is dba. The oracle (software owner) user isn't a member of the dba group in /etc/group. If execute permission is set for the group dba on svrmgr, then the oracle account can run svrmgr and connect as internal...no questions asked. If I remove the execute permission for the dba group, then the oracle account can't run svrmgr. Does someone know if there is something in the code of svrmgr which automagically makes the oracle software owner a member of the dba group?

My understanding (which may be incorrect) is that there isn't a way to set a password for the internal user for svrmgr. This, I assumed, was a result of being able to run svrmgr, and connect internally, while the database (which contains the users/passwords) is still down. Please inform me if this is incorrect, as setting a password for "internal" would be easier than the roundabout steps I've been taking.

I realize the easiest possibility is to change the oracle software account passwd, but currently this isn't a simple option.

For all of the above "svrmgr" I'm actually referring to svrmgrl.

Thanks in advance,

Coburn Watson
Information Systems Support - Research
Scios, Inc.
cpw_at_slip.net

yes, my opinions are my own.....

Received on Thu Mar 13 1997 - 00:00:00 CST
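
The primary-versus-secondary group point from the reply, as an added example that is not part of either post: it resolves a user's groups from passwd and group file contents and applies the standard owner/group/other execute check. The account names other than oracle, the UIDs and GIDs, and the file contents are constructed for illustration.

```python
import stat

# Constructed sample data (not from the thread): oracle's primary GID in the
# passwd file is dba's GID, but oracle is absent from dba's member list.
PASSWD = """\
root:x:0:0:root:/:/bin/sh
oracle:x:501:101:Oracle owner:/home/oracle:/bin/sh
svrown:x:502:102:svrmgrl owner:/home/svrown:/bin/sh
jdoe:x:503:100:Analyst:/home/jdoe:/bin/sh
"""
GROUP = """\
users:x:100:
dba:x:101:
tools:x:102:jdoe
"""

def parse(text):
    """Split colon-delimited records, skipping blank and comment lines."""
    return [l.split(":") for l in text.splitlines() if l and not l.startswith("#")]

def group_ids(user, passwd=PASSWD, group=GROUP):
    """Return (uid, primary_gid, supplementary_gids) for user."""
    for name, _pw, uid, gid, *_rest in parse(passwd):
        if name == user:
            break
    else:
        raise KeyError(user)
    # The fourth field of a group record lists supplementary members only.
    extra = {int(g[2]) for g in parse(group) if user in g[3].split(",")}
    return int(uid), int(gid), extra

def can_execute(user, owner_uid, file_gid, mode, passwd=PASSWD, group=GROUP):
    """Classic Unix check: owner bits, else group bits, else other bits."""
    uid, gid, extra = group_ids(user, passwd, group)
    if uid == 0:  # root may execute if any execute bit is set
        return bool(mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH))
    if uid == owner_uid:
        return bool(mode & stat.S_IXUSR)
    if file_gid == gid or file_gid in extra:  # primary group counts too
        return bool(mode & stat.S_IXGRP)
    return bool(mode & stat.S_IXOTH)

if __name__ == "__main__":
    # svrmgrl owned by svrown (502), group dba (101), as in the question.
    for mode in (0o750, 0o700):
        print(oct(mode), "oracle can execute:", can_execute("oracle", 502, 101, mode))
```

An audit of who can run a group-executable binary therefore has to join both files on the GID, not just read the group file's member list.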
