Operating System - HP-UX
1748180 Members
4142 Online
108759 Solutions
New Discussion юеВ

Re: permissions on group and other groups

 
Xiaogang Zheng
Advisor

permissions on group and other groups

Hi,

The Oracle 10g has the permission setting on its ORACLE_HOME folder that is not the same as 9i.

drwxr-x--- 66 oracle oinstall 2048 Jun 24 15:14 OraHome102

It sets drwxr-xr-x on 9i. Maybe it is for the security reason. This remind me to restrict the access on ORACLE_HOME.

I am asking how to setup the permission that a user belonging to group "orausers" (not in "oinstall") can execute some (just some, not all in $ORACLE_HOME\bin) utilities (like sqlplus, expdp etc.) and avoid other users (not in "oinstall" and "orausers") to access ORACLE_HOME.

Thank you.
Xiaogang

5 REPLIES 5
Kenan Erdey
Honored Contributor

Re: permissions on group and other groups

Hi,

to give permission other users to execute utulities as if they are oracle, you can use
sudo. this is manual page:

http://www.sudo.ws/sudo/man/sudoers.html

and this is the download page:

http://hpux.connect.org.uk/hppd/hpux/Sysadmin/sudo-1.6.9p16/

>drwxr-x--- 66 oracle oinstall 2048 Jun 24 15:14 OraHome102

with this permission set, other users can't already cd to $ORACLE_HOME.

Kenan.




Computers have lots of memory but no imagination
Rajesh K Rajan
Advisor

Re: permissions on group and other groups

In Oracle Database 10g Release 2, the Oracle Home was locked locked down by setting umask to 007 prior to installation. This had the affect of removing read,write,execute permissions for others on most files and directories.

You could run the $ORACLE_HOME/install/changePerm.sh to relax the permissions.

Alternatively, if this is a DB server and you have clients on it(????), you could install a separate /opt/oracle/product/10.2.0/client_1 for a client installation.
This would comply with the OFA, and will have effect of removing dependencies, if you want to apply a client only patch or a DB only patch too.

For selected executables alone, Kenan's suggestion is more apt, as you have more control on specifics, but be aware that your users will not be able to use sqlplus without having access to the lib / msb files in other directories.

Best Regards.
Kenan Erdey
Honored Contributor

Re: permissions on group and other groups

H,

>but be aware that your users will not be able to use sqlplus without having access to the lib / msb files in other directories.

Yes, but if you add corresponding env variables in users profile it's possible.
Computers have lots of memory but no imagination
Dennis Handly
Acclaimed Contributor

Re: permissions on group and other groups

>Kenan: but if you add corresponding env variables in users profile it's possible.

Rajesh was saying that ENV vars won't let you access shlibs that are not executable. You need to make those lib directories R & X.
Kenan Erdey
Honored Contributor

Re: permissions on group and other groups

Hi,

i see. in the OS(with oracle 9i) i tried, it was r,x.thanks.
Computers have lots of memory but no imagination