
Re: file permission problem - 10g client on solaris

From: DA Morgan <damorgan_at_psoug.org>
Date: Sun, 22 Jul 2007 17:09:06 -0700
Message-ID: <1185149346.738968@bubbleator.drizzle.com>


sybrandb_at_hccnet.nl wrote:
> On Sun, 22 Jul 2007 07:58:35 -0700, DA Morgan <damorgan_at_psoug.org>
> wrote:
>
>> There is no reason anyone other than the unix user oracle should
>> be directly accessing executables on the server unless the object is to
>> compromise system security and render any reasonable interpretation of
>> auditing moot.
>
> Actually it is just the opposite. Forcing Unix users to use oracle or
> to su to oracle poses a security risk. We had an issue once where
> 'someone' deleted the passwordfile and the init.ora of several
> databases. Only the unix user oracle could access the database.
> *Everyone* knew the password.

My point exactly. There are only two people who should ever be able to access an Oracle server ... the operating system SA and the DBA. Thus no one else needs access to anything on the machine except via SQL*NET or a secure and tested interface.

If an organization is sloppy with respect to who has the userid/pwd for either the root or oracle then they deserve what they get. Changing permission of operating system files will not save anyone from flagrant stupidity: Firing those that share passwords will.

-- 
Daniel A. Morgan
University of Washington
damorgan_at_x.washington.edu (replace x with u to respond)
Puget Sound Oracle Users Group
www.psoug.org
Received on Sun Jul 22 2007 - 19:09:06 CDT
