- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: Best practices with Oracle and root access
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-09-2006 06:21 AM
тАО02-09-2006 06:21 AM
Best practices with Oracle and root access
IMHO - no one other then a sysadmin needs root access.
I don't want this to be a rant, I'm looking for official doc(s)...so I can give to 1 Oracle admin who thinks he should have root access on the systems he supports.
Main reason - he doesn't want to "bother" us to run the root.sh script when doing installs or changes...
IMHO - why is it called root.sh - because Oracle (and SAP) want you to get a sysadmin to run that script for you.
Like I said, I don't need your opinions (as I'm sure they will be for the most part the same as mine) but I need some sort of document - and if it is from Orcale - so much the better - because this one DBA swears by everything put out by Oracle - IE - if Oracle says do this - he does.
Thanks...Geoff
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-09-2006 06:38 AM
тАО02-09-2006 06:38 AM
Re: Best practices with Oracle and root access
I'm pretty the manual(s) tell you to run root.sh, etc as root, or get one to run it for you, and that's about the whole of it.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-09-2006 06:38 AM
тАО02-09-2006 06:38 AM
Re: Best practices with Oracle and root access
I'm pretty sure the manual(s) tell you to run root.sh, etc as root, or get one to run it for you, and that's about the whole of it.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-09-2006 06:45 AM
тАО02-09-2006 06:45 AM
Re: Best practices with Oracle and root access
We don't give DBAs root access - ever.
We set up sudo rules for them to allow them to *only* do what they need to do.
If the don't tell us everything they need to do they have to wait until the next iterartion of the sudoers rule.
In emergencies we give them a "temp" rule to do what they need and then remove it when done.
My $0.02,
Jeff
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-09-2006 06:52 AM
тАО02-09-2006 06:52 AM
Re: Best practices with Oracle and root access
(BTW, I did a quick Yahoo! search and didn't find anything useful as far as a best practice document on the subject.)
Jeff Traigle
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-09-2006 06:57 AM
тАО02-09-2006 06:57 AM
Re: Best practices with Oracle and root access
My general method of heading DBA's off at the pass is "Give my your sys and system passwords." Generally they look at me like I'm insane. I can't be allowed access to their database! If they do give me their passwords, I immediately tell them that I have no need of those passwords and their release of the passwords indicates that they are not nearly security conscious enough to be granted super-user passwords.
Either way, they can't win.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-09-2006 07:38 AM
тАО02-09-2006 07:38 AM
Re: Best practices with Oracle and root access
Personally though - SysAdmins and really good UNIX persons make the best and most efficient Oracle DBAs. If you are a "good" DBA and you've no idea about the underlying OS and infrasrtcuture that you are runing your instance on - then how can you ensure your instance(s) is getting the best and proper environment. There are also tools/routines/teechniques that a UNIX/Admin savvy DBA can call/utilize to further improve productivity.
My few cents.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-09-2006 08:09 AM
тАО02-09-2006 08:09 AM
Re: Best practices with Oracle and root access
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-09-2006 08:42 AM
тАО02-09-2006 08:42 AM
Re: Best practices with Oracle and root access
Generally the installer creates a new /etc/oratab or modifies it. It also creates or modifies the /var/opt/oracle file. For these reasons, they require root. (That's my guess, anyway.) You can get around that, if you wanted, by making permissions of those files appropriate for them to run as oracle. (Whether you should do this is really a question for you, not me.)
The script generally only takes a few seconds to run, it doesn't take a whole lot of time. I let our DBA's run this as root-priviledged themselves. (Sorry Clay) That doesn't mean I let them do anything else, I only trust them about as far as I can throw them...
In the past, they used to always call to have us run the file.
Hope it helps
John
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-09-2006 08:59 AM
тАО02-09-2006 08:59 AM
Re: Best practices with Oracle and root access
Oh and Shalom to you.
Oracle can be massively screwed up by having root access.
My Oracle DBA had root in Chicago because he was my backup. He never used it for dba tasks.
Note that Oracle sets up shared memory segments that you can view with the ipcs commands.
If the oracle dba does anything to a shared memory segment, runs the wrong utility as root or whatever, the segment is locked, the oracle user and database can not access it and the database crashes.
Very bad.
Now a doc. Or two.
http://www.google.co.il/group/comp.databases.oracle/browse_thread/thread/4ff31a8dfc6b58b7/16389f4eef802332%2316389f4eef802332?sa=X&oi=groupsr&start=2&num=3
Running root as internal
http://www.google.co.il/group/comp.databases.oracle.server/browse_thread/thread/d4d9a00908613f2c/475969081dafefd4%23475969081dafefd4?sa=X&oi=groupsr&start=1&num=3
A potential horror story:
http://lists.suse.com/archive/suse-oracle/2003-Mar/0189.html
http://www.oracle.com/technology/tech/linux/vmware/cookbook/stage2b_sles.html
The oracle dba's main reason is to not have to be root to run root.sh?
From experience and thats more important than any doc. You are right and he or she is wrong.
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com