Re: Oracle 8i File Permission

If you change umask before installation you will not be able to execute the oracle binaries such as sqlplus from outside the owner's account (which most likely is "oracle"). If you change manually them you may have a paranoid system like the old SCO Openserver 5 with High Security that would remove each setuid bit if you chmod one of these binaries. Further, you may not know for sure which binaries are invoked altogether (sqlplus, for one, will invoke oracle). lsnrctl will invoke tnslsnr and so on.

Better you not touch it. I broke installations by changing it to umask 077 - if this happens change it back and do a "relink all" which will re-create the binaries.

Martin  

Frankie Li wrote:
>
> "Charles Leung" <c_at_c.com> wrote in message news:<aecde2$sgh$1_at_jupiter.ttn.net>...
> > what's your umask setting for installation user (usually, oracle)?
> >
> > "Frankie Li" <earthy_at_hkicable.com> wrote in message
> > news:e3b3b67b.0206131931.557ef62a_at_posting.google.com...
> > > Hello,
> > >
> > > I just complete a installation of Oracle 8i Database Server. After
> > > installation (and as the installation described), I found that many
> > > files in the oracle tree has world-permission enabled.
> > >
> > > Is there any method to get rid of this 'security concern'? I know I
> > > will be challenged by some security guys for allowing everyone in the
> > > server to run Oracle commands.
> > >
> > > Can I assign the product group (e.g. oinstall) to the user and remove
> > > world-permission of the Oracle directory tree? Will it grant too much
> > > privilege to the user?
> > >
> > > Thanks,
> > >
> > > Earthy
>
> Ah, 022, as suggested in the installation guide. By the way, it's the
> installation guide who said some world-permission is required in
> oracle files. Anyone ever send an query to Oracle and ask for security
> concern?
>
> Earthy
Received on Mon Jul 01 2002 - 06:34:32 CDT