dbaplusplus_at_hotmail.com wrote:
> My question is more of UNIX admin question, but since some people in
> this group are both UNIX and Oracle administartors, I am asking here
> for advice.
>
>
> I have Oracle installed as oracle UNIX login on a HP UNIX 11i,
> Oracle processes also run from oracle UNIX login. Oracle is writing
> some audit files in a directory. Is there anyway for me to ensure:
>
> 1. audit files cannot be deleted by oracle.
> 2. audit files cannot be modified by oracle outside of oracle
> processes, i.e., oracle processes can obviously write the information,
> but I if I login using oracle, I cannot edit the file.
>
> Only solution I know is to have a cron script that runs every few
> minutes, which will change the ownership of files to root (or a non
> oracle login). But then the script has to figure out when the file is
> completely written (i.e., oracle is done with all its writing. I.e., no
> longer will write to this file ...).
>
> Are there other solutions? Any pointers will be helpful.
>
> Thanks
>
Install and run oracle from an account that nobody has permissions to.
Allow read only access to other accounts for the audit files.
Received on Mon May 08 2006 - 08:32:18 CDT
