Re: Different OS user to start/stop listener

From: Pete Finnigan <pete_at_petefinnigan.com>
Date: Fri, 04 Nov 2011 18:30:53 +0000
Message-ID: <4EB42F5D.4020007_at_petefinnigan.com>

In 10g the local listener authentication worked at the OSDBA group level, in 11g it works at the user level hence you get this error message.

You need to simply stop and start the listener with one user and make sure that user owns the logs.

Doint relax security, Oracle have made the secruity of the listener stronger so it makes sense not to weaken it.

cheers

Pete

LS Cheng wrote:
> Hi
> Does anyone know if it is possible to stop a listener started by another
> user in 11gR2 (I am not sure if 10g had same behaviour).
>
> For instance I have user1 and user2 as dba users in the operating system,
> if user1 starts listener then it seems that only user1 can stop the
> listener, when trying with user2 I am getting
>
> TNS-01190: The user is not authorized to execute the requested listener
> command
>
> I also have a problem with the logfile, since the listener logfiles are
> created with 640 permission if I start the listener using a user who didnt
> create this file before then nothing is written in the log, this obvious
> due to 640 permission but the not so obvious thing is I dont get any
> complaints when starting the listener as another user.
>
> Anyone's got experience with these issues :-? May be I need to relax some
> security restrictions?
>
> Thanks
>
> --
> LSC
>
>
> --
> http://www.freelists.org/webpage/oracle-l
>
>
>

-- 

Pete Finnigan
CEO and Founder
PeteFinnigan.com Limited

Specialists in database security.

Makers of PFCLScan the database security auditing tool.
Makers of PFCLObfuscate the tool to protect IPR in your PL/SQL

If you need help to audit or secure an Oracle database, please ask for
details of our training courses and consulting services

Phone: +44 (0)1904 791188
Fax  : +44 (0)1904 791188
Mob  : +44 (0)7759 277220
email: pete_at_petefinnigan.com
site : http://www.petefinnigan.com

Registered Office: 9 Beech Grove, Acomb, York, YO26 5LD, United Kingdom
Company No       : 4664901
VAT No.          : 940668114

Please note that this email communication is intended only for the
addressee and may contain confidential or privileged information. The
contents of this email may be circulated internally within your
organisation only and may not be communicated to third parties without
the prior written permission of PeteFinnigan.com Limited.  This email is
not intended nor should it be taken to create any legal relations,
contractual or otherwise.

--
http://www.freelists.org/webpage/oracle-l

Received on Fri Nov 04 2011 - 13:30:53 CDT

This message: [ Message body ]
Next message: Hans Forbrich: "Re: Different OS user to start/stop listener"
Previous message: Greg Rahn: "Re: Can t get INSERT /*+ APPEND */ to indicate direct load in execution plan"
In reply to: LS Cheng: "Different OS user to start/stop listener"
Next in thread: LS Cheng: "Re: Different OS user to start/stop listener"
Reply: LS Cheng: "Re: Different OS user to start/stop listener"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message