Re: Delete UNIX files/tblsp owned by Oracle

gapinski_at_lerc.nasa.gov (Gary Gapinski) wrote:

>Place the data files that you allow users to delete in a directory whose
>owner is the oracle account and whose group includes those users allowed
>to create and delete files. chmod g+rwx the directory. The files will be
>owned by the oracle account but will be deletable by members of the group.
>Note that they are not coerced into dropping the tablespace before they
>can delete associated data files. Use as many such directories as there
>are distinct groups.
 

>BTW, if you're allowing users to drop tablespaces, perhaps they will be
>astute enough to manipulate the initSID.ora file, but, if not, place
>that file elsewhere.

Thanks -- I realize there are *big* security issues, but these people are contractors developing DSS application. The problem is that I need to execise some "change control".... I want them to be able to delete the files but not change "system settings" etc. Unfortunately I cannot move these files since we have them spread across many devices. I was trying to see if some script executing rm $1, owned by the Oracle UNIX id and belonging to UNIX dba group, having some "sticky-bit" permissions would allow a user in the dba group to execute it and be able to delete Oracle owned file. Is this possible? Thanks in advance.
Regards,
Perry A. McGrew (perrygrw_at_future.dreamscape.com) Received on Fri May 12 1995 - 00:00:00 CEST