Re: Unix Setuid to dba user to run system reports does not work
Hi Sanjeev,
This is not an Oracle, but a Unix problem.
Setting the UserID bit on shell scripts does not work, because this would
be a severe security leak.
Therefore the UserID bit only works on real executables.
Here is a simple example.c; it runs in a Linux environment.
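#include <stdlib.h>   // system()
#include <unistd.h>   // setuid()

int main(int argc, char *argv[])
{
    int ret = 0;
    // 0 is always "root"; take the user ID number from /etc/passwd
    // if you want another user
    if (setuid(0) != 0)
        return 1;     // could not switch to the target user
    system("sh");     // you can write system("myscript"); instead
    return ret;
}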
After compiling it with "make example",
do "chown root example"
and set the setuid bit as root.
Be careful, because you may generate a severe security leak !!!!!! Decide if it is really necessary and there is no other way !!!!! Don't forget to make the script called by "system()" read-only !!!!! Otherwise everybody is able to get a root shell !!!
If you want to get better control, change "system("sh");" to fork() and
exec().
On other Unixes you may have to do some minor porting, but the principle
is the same.
I say it again, WORKING WITH SETUID IS VERY DANGEROUS AND SHOULD NEVER BE USED !!!!
regs. Lothar.
Sanjeev Parikh wrote in message ...
>Hi
>
>I want to be able to set up an Oracle user account that has DBA privileges for
>the purpose of providing some system level reports to be run by users.
>
>I was going to use setuid on the script file to that of the DBA user so
>whenever anyone runs the script it takes the DBA owner's id. However it
>does not seem to work.
>
>The script executes a system report. I'm planning to provide other
>functionality too.
>
>Can anyone help?? I'm sure someone has done this before.
>
>
>sanjeev parikh
>sparik_at_acxiom.co.uk
>
>
>
Received on Thu Feb 18 1999 - 11:22:15 CST
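
The fork() and exec() variant mentioned in the reply, together with its advice to keep the called script read-only, as an added example that is not part of the original post. The path REPORT and the function names script_is_safe and run_report are hypothetical, and the wrapper assumes it is installed setuid to the account that owns the report script.

```c
#define _DEFAULT_SOURCE   /* expose POSIX/BSD declarations on glibc */
#include <stdio.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical path: the one script this wrapper is allowed to run. */
#define REPORT "/opt/reports/sysreport.sh"

/* 1 if path is a regular file (not a symlink) owned by `owner` that
   group and others cannot write; 0 otherwise. */
int script_is_safe(const char *path, uid_t owner)
{
    struct stat st;
    if (lstat(path, &st) != 0 || !S_ISREG(st.st_mode))
        return 0;
    return st.st_uid == owner && (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* fork() + execve() instead of system(): no shell parses a command
   string, and the child gets a fixed environment instead of the
   caller's. Returns the script's exit status, or -1 if the script
   was refused or could not be run. */
int run_report(const char *path, uid_t owner)
{
    char *const argv[] = { (char *)path, NULL };
    char *const envp[] = { "PATH=/usr/bin:/bin", NULL };
    int status;
    pid_t pid;
    if (!script_is_safe(path, owner) || (pid = fork()) < 0)
        return -1;
    if (pid == 0) {
        execve(path, argv, envp);
        _exit(127);                 /* reached only if execve failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    uid_t owner = geteuid();        /* UID given by the setuid bit */
    if (setreuid(owner, owner) != 0) {  /* real UID must match too */
        perror("setreuid");
        return 1;
    }
    return run_report(REPORT, owner) == 0 ? 0 : 1;
}
```

The ownership and mode check only helps if the directories leading to the script are also writable by that owner alone, since the file could otherwise be swapped between the check and the execve().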