Re: file permission problem - 10g client on solaris

From: DA Morgan <damorgan_at_psoug.org>
Date: Sun, 22 Jul 2007 07:58:35 -0700
Message-ID: <1185116315.243979@bubbleator.drizzle.com>

hpuxrac wrote:

> On Jul 19, 9:00 pm, DA Morgan <damor..._at_psoug.org> wrote:
>> Susan wrote:

>>> So I installed a 10.2.0.1.0 64-bit client on a Solaris 10 machine
>>> using downloaded file 10gr2_client_sol.cpio.gz. After the
>>> installation, to my surprise all directories and files under
>>> $ORACLE_HOME are not readable and executable by group and other. So
>>> other user won't even be able to use sqlplus or get into any of the
>>> directory under $ORACLE_HOME. Yes I can do a chmod -R, but I am
>>> wondering is this normal? I've installed 10.2.0.1.0 64bit RDBMS
>>> software many times and majority of the directories/files are readable
>>> by other users.

>> "Others" should not be given access to the server. If you are not
>> standing in the server room you, or have an equivalent connection,
>> you've no business using SQL*Plus on the server.
>> --
>> Daniel A. Morgan
>> University of Washington
>> damor..._at_x.washington.edu (replace x with u to respond)
>> Puget Sound Oracle Users Groupwww.psoug.org
> 
> OP said "64 bit client".  Read the original post again.
> 
> "Others" should not be given access?
> 
> So you want people to run the client as oracle not a better choice for
> a unix user?

Based on what the OP wrote that is exactly what I mean. Which part of "directories and files under $ORACLE_HOME are not readable and executable by group and other" don't you see as a security issue?

There is no reason anyone anyone other than the unix user oracle should be directly accessing executables on the server unless the object is to compromise system security and render any reasonable interpretation of auditing moot.

-- 
Daniel A. Morgan
University of Washington
damorgan_at_x.washington.edu (replace x with u to respond)
Puget Sound Oracle Users Group
www.psoug.org

Received on Sun Jul 22 2007 - 09:58:35 CDT