Re: Start/Stop of DB by root

From: <chris_at_tisdec.tis.tandy.com>
Date: 16 Mar 93 11:25 CST
Message-ID: <50300002_at_tisdec.tis.tandy.com>


/* Written 8:08 pm Mar 13, 1993 by claborne_at_npg-sd.UUCP in tisdec.tis.tandy.com:comp.databases.oracle */
/* ---------- "Start/Stop of DB by root" ---------- */

   It seems that I was getting away with something undocumented when I had my startup/shutdown database script in the UNIX start/stop shells. Now that I upgraded, root has to belong to the "dba" group for it to work.

   Are there any workarounds to this?

   Running UNIX V.4.

                                    ...  __o
                                   ..  _`\<,
chris.claborne_at_sandiegoca.ncr.com  ...(*)/(*).                 CI$: 76340.2422

/* End of text from tisdec.tis.tandy.com:comp.databases.oracle */

Some Einstein at ORACLE decided to take a security issue away from the SYSTEM's ADMINISTRATOR and lock out any account that also belongs to the DAEMON group. There may be other groups that _THEY_ have decided to be unsafe for a DBA administrator to belong to, but this one they admit to adding in 6.0.3x. But they failed to document it anywhere.

It is not the software's job to decide not to let someone have privileges based on other NON-associated groups, but it is acceptable to deny access if you are not in a particular group.

There are two workarounds for this DEBACLE:

  1. Remove root from the daemon group.
  2. Add authorized users to the dba group. (In the rc.local scripts, su to oracle.)

And most definitely HARASS, HARASS, HARASS ORACLE about this FUBAR mistake.

I would recommend doing the SU trick in /etc/rc.local even if ORACLE had not taken it upon themselves to secure the system.


Chris Riney                     Domain: chris_at_tisdec.tis.tandy.com
Tandy Information Services        UUCP: ...!trsvax!tisdec!chris
Tandy Technology Sqr, Suite 200
Fort Worth, TX 76102             Phone: 817/878-0308; 8:00am-5:00pm CST,Mo-Fr
Received on Tue Mar 16 1993 - 18:25:00 CET
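
Added example, not part of the original post or of Oracle's scripts: a shell sketch of the check and the "su to oracle" workaround described in the reply, so the boot script never needs root in the dba group. The group file contents are constructed sample data, the function names are hypothetical, and the startup script path is an argument the site supplies.

```shell
#!/bin/sh
# Constructed sample in /etc/group format: name:passwd:gid:member,member,...
SAMPLE_GROUP='root::0:root
daemon::1:root,daemon
dba::101:oracle'

# in_group USER GROUP [FILE]
# Succeeds if USER is listed as a member of GROUP in FILE (default /etc/group).
# Limitation: only the member list is checked, not the primary gid in /etc/passwd.
in_group() {
    awk -F: -v u="$1" -v g="$2" '
        $1 == g {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] == u) found = 1
        }
        END { exit found ? 0 : 1 }' "${3:-/etc/group}"
}

# startup_plan USER [FILE]
# Applies the rule as the post describes it: an account must be in dba and
# must not be in daemon to start/stop the database itself. Otherwise the
# boot script should hand the job to the oracle account.
startup_plan() {
    if in_group "$1" dba "$2" && ! in_group "$1" daemon "$2"; then
        echo direct
    else
        echo su-oracle
    fi
}

# start_db SCRIPT [FILE]
# For use from rc.local, which runs as root. SCRIPT is the site's own
# startup script (placeholder; its path is not given in the post).
start_db() {
    case "$(startup_plan root "$2")" in
        direct)    "$1" ;;
        su-oracle) su - oracle -c "$1" ;;   # run with oracle's own groups
    esac
}
```

With the su branch, root's group memberships stay as the system administrator set them and only the oracle account needs to be in dba.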
