Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: file permission problem - 10g client on solaris

Re: file permission problem - 10g client on solaris

From: hpuxrac <johnbhurley_at_sbcglobal.net>
Date: Sun, 22 Jul 2007 10:04:12 -0700
Message-ID: <1185123852.028592.316000@r34g2000hsd.googlegroups.com> 





On Jul 22, 10:58 am, DA Morgan <damor..._at_psoug.org> wrote:


> hpuxrac wrote:

> > On Jul 19, 9:00 pm, DA Morgan <damor..._at_psoug.org> wrote:

> >> Susan wrote:

> >>> So I installed a 10.2.0.1.0 64-bit client on a Solaris 10 machine

> >>> using downloaded file 10gr2_client_sol.cpio.gz.  After the

> >>> installation, to my surprise all directories and files under

> >>> $ORACLE_HOME are not readable and executable by group and other.  So

> >>> other user won't even be able to use sqlplus or get into any of the

> >>> directory under $ORACLE_HOME.  Yes I can do a chmod -R, but I am

> >>> wondering is this normal?  I've installed 10.2.0.1.0 64bit RDBMS

> >>> software many times and majority of the directories/files are readable

> >>> by other users.

> >> "Others" should not be given access to the server. If you are not

> >> standing in the server room you, or have an equivalent connection,

> >> you've no business using SQL*Plus on the server.

> >> --

> >> Daniel A. Morgan

> >> University of Washington

> >> damor..._at_x.washington.edu (replace x with u to respond)

> >> Puget Sound Oracle Users Groupwww.psoug.org

>

> > OP said "64 bit client".  Read the original post again.

>

> > "Others" should not be given access?

>

> > So you want people to run the client as oracle not a better choice for

> > a unix user?

>

> Based on what the OP wrote that is exactly what I mean. Which part of

> "directories and files under $ORACLE_HOME are not readable and

> executable by group and other" don't you see as a security issue?





It's the client install.



When you install the client on a unix system you do that so you don't
have to run as the unix oracle user.



>

> There is no reason anyone anyone other than the unix user oracle should

> be directly accessing executables on the server unless the object is to

> compromise system security and render any reasonable interpretation of

> auditing moot.




It's a client install.  The client is installed to connect to oracle
on a different machine.
Received on Sun Jul 22 2007 - 12:04:12 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US