Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US

Home -> Community -> Usenet -> c.d.o.server -> Re: 2 instances (2 users) and security

Re: 2 instances (2 users) and security

From: <fitzjarrell_at_cox.net>
Date: 10 Jun 2005 14:48:44 -0700
Message-ID: <1118440124.556103.127330@o13g2000cwo.googlegroups.com>

HARI OM wrote:
> I am using Oracle 9.2.0.1 on HP Intel Servers running SuSE 9.0.
>
> My Oracle SW is OWNED by USER: LARRY and GROUP:ELLISON
>
> I have 2 Instances running on it: CAL (caluser as its main user) and
> BOM (bomuser as its main user)
>

Why two instances?

> Users of one instance should NOT have access to another instance.
> (for security purposes)
>

See below; your security system has a huge hole that would let a truck drive through it.

> On Server, I have following Directory set up with user:group:
>
> /data/cal/ (caluser:ellison)
> /data/bom/ (bomuser:ellison)
>

And this is why.

> Since BOMUSER belongs to same group as CALUSER... can CALUSER have
> access to data in BOM?
>

Yes. See below for why this is true.

> WHAT is the BEST way to have users of these 2 Instances able to access
> their individual instances without interfering other...
>

Make two different SCHEMAS in the same database and stop having multiple instances for multiple users.

> Should CALUSER and BOMUSER belong to same group?

Yes.

> Should they belong to GROUP ELLISON?
>

No.

> Any related information on above is appreciated.
>
> HARI OM

Read on:

If ellison is your 'dba' group then, yes, bomuser and caluser can start/stop/access each other's instances since they can be SYS as SYSDBA in either instance (the ellison group provides this access). Try it yourself and see:

$ su - bomuser
Password:
$ export ORACLE_SID=CAL
$ sqlplus /nolog
 <header and banner information here>

SQL> connect / as sysdba
Connected.
SQL>


$ su - caluser
Password:
$ export ORACLE_SID=BOM
$ sqlplus /nolog
......

SQL> connect / as sysdba
Connected.
SQL>

The above is what you should see. Why you have regular users in the equivalent of your 'dba' group is beyond me, as this is a security hole just begging to be abused. You SHOULD only have the software owner (larry) in the ellison group for security reasons. "Main users" are not DBAs, and should not have such privileges, either in the database through grants or through the O/S through group association. All DBAs should be in a different O/S group so they can't indiscriminately gain SYS as SYSDBA access, and not without a password. I'm also wondering why you have two instances when two separate schemas would suffice.

You have a security issue just begging to be exploited with your current Linux user configuration. You need to understand what you're doing and what you WANT done, so you don't end up in this situation again.

David Fitzjarrell

Received on Fri Jun 10 2005 - 16:48:44 CDT
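The hole described in the reply above comes from group membership alone: every O/S account in the OSDBA group gets "connect / as sysdba" on every instance started from that ORACLE_HOME, with no password. The script below is an added example, not part of the original post, that audits exactly that. It assumes, as the thread does, that ellison is the OSDBA group and larry the software owner; the /etc/group and /etc/passwd contents are constructed samples built to mirror the thread (the real files are what you would run it against). Note the second route it checks: an account whose primary GID in passwd(5) is the OSDBA group is a member even though it never appears in the group(5) member list.

```shell
# Added example (not from the original post): find O/S accounts that get
# OSDBA ("connect / as sysdba") access through group membership.
# Group name 'ellison', owner 'larry' and the two application users come
# from the thread; the file contents below are constructed samples.

SAMPLE_GROUP='root:x:0:
ellison:x:501:larry,caluser
dba:x:502:
oinstall:x:503:larry'

SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
larry:x:500:503:Oracle owner:/home/larry:/bin/bash
caluser:x:501:501:CAL app user:/data/cal:/bin/bash
bomuser:x:502:501:BOM app user:/data/bom:/bin/bash'

# osdba_members GROUP GROUPFILE PASSWDFILE
# Prints every account that is in GROUP, either listed as a supplementary
# member in group(5) or because GROUP is its primary group in passwd(5).
# Both routes satisfy the OSDBA check; the second one is easy to overlook.
# Returns 1 if GROUP does not exist in GROUPFILE.
osdba_members() {
  grp=$1; gfile=$2; pfile=$3
  gid=$(awk -F: -v g="$grp" '$1==g {print $3}' "$gfile")
  [ -n "$gid" ] || return 1
  {
    # supplementary members: 4th field of the group entry, comma-separated
    awk -F: -v g="$grp" '$1==g {n=split($4,m,","); for(i=1;i<=n;i++) if(m[i]!="") print m[i]}' "$gfile"
    # primary-group members: 4th field of passwd equals the group's GID
    awk -F: -v gid="$gid" '$4==gid {print $1}' "$pfile"
  } | sort -u
}

# osdba_violations GROUP OWNER GROUPFILE PASSWDFILE
# Prints members of the OSDBA group other than the software owner. Each one
# can 'connect / as sysdba' to any instance run from this ORACLE_HOME.
osdba_violations() {
  osdba_members "$1" "$3" "$4" | grep -vx "$2"
}

# run_sample: writes the constructed files to a temp dir and audits them.
run_sample() {
  tmp=${TMPDIR:-/tmp}/osdba_audit.$$
  mkdir -p "$tmp"
  printf '%s\n' "$SAMPLE_GROUP" > "$tmp/group"
  printf '%s\n' "$SAMPLE_PASSWD" > "$tmp/passwd"
  osdba_violations ellison larry "$tmp/group" "$tmp/passwd"
  rm -rf "$tmp"
}

# On a real host replace the sample files with /etc/group and /etc/passwd.
run_sample
```

On the sample data this reports bomuser and caluser, and bomuser shows up only because ellison is its primary group, which a glance at the group file would miss. To confirm which group the Oracle binaries treat as OSDBA, check SS_DBA_GRP in $ORACLE_HOME/rdbms/lib/config.c rather than guessing from the group name.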
