Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: file permission problem - 10g client on solaris

Re: file permission problem - 10g client on solaris

From: DA Morgan <damorgan_at_psoug.org>
Date: Sun, 22 Jul 2007 10:27:07 -0700
Message-ID: <1185125226.979694@bubbleator.drizzle.com> 





hpuxrac wrote:


> On Jul 22, 10:58 am, DA Morgan <damor..._at_psoug.org> wrote:


>> hpuxrac wrote:
>>> On Jul 19, 9:00 pm, DA Morgan <damor..._at_psoug.org> wrote:
>>>> Susan wrote:
>>>>> So I installed a 10.2.0.1.0 64-bit client on a Solaris 10 machine
>>>>> using downloaded file 10gr2_client_sol.cpio.gz.  After the
>>>>> installation, to my surprise all directories and files under
>>>>> $ORACLE_HOME are not readable and executable by group and other.  So
>>>>> other user won't even be able to use sqlplus or get into any of the
>>>>> directory under $ORACLE_HOME.  Yes I can do a chmod -R, but I am
>>>>> wondering is this normal?  I've installed 10.2.0.1.0 64bit RDBMS
>>>>> software many times and majority of the directories/files are readable
>>>>> by other users.
>>>> "Others" should not be given access to the server. If you are not
>>>> standing in the server room you, or have an equivalent connection,
>>>> you've no business using SQL*Plus on the server.
>>>> --
>>>> Daniel A. Morgan
>>>> University of Washington
>>>> damor..._at_x.washington.edu (replace x with u to respond)
>>>> Puget Sound Oracle Users Groupwww.psoug.org
>>> OP said "64 bit client".  Read the original post again.
>>> "Others" should not be given access?
>>> So you want people to run the client as oracle not a better choice for
>>> a unix user?
>> Based on what the OP wrote that is exactly what I mean. Which part of
>> "directories and files under $ORACLE_HOME are not readable and
>> executable by group and other" don't you see as a security issue?




> 

> 

> It's the client install.

> 

> When you install the client on a unix system you do that so you don't

> have to run as the unix oracle user.

> 


>> There is no reason anyone anyone other than the unix user oracle should
>> be directly accessing executables on the server unless the object is to
>> compromise system security and render any reasonable interpretation of
>> auditing moot.




> 

> It's a client install.  The client is installed to connect to oracle

> on a different machine.




Lets try again:



The OP wrote:


"So I installed a 10.2.0.1.0 64-bit client on a Solaris 10 machine"



64 bit Solaris client machine?



Not even in Ohio.

-- 
Daniel A. Morgan
University of Washington
damorgan_at_x.washington.edu (replace x with u to respond)
Puget Sound Oracle Users Group
www.psoug.org


Received on Sun Jul 22 2007 - 12:27:07 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US