- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - OpenVMS
- >
- Re: psuedo setup on openVMS
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-13-2008 08:19 AM
тАО11-13-2008 08:19 AM
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-13-2008 08:26 AM
тАО11-13-2008 08:26 AM
SolutionFreeware like HGLOGIN does the job
http://vms.process.com/scripts/fileserv/fileserv_search.exe?package=hglogin
and there are commercial packages which include this.
Purely Personal Opinion
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-13-2008 08:39 AM
тАО11-13-2008 08:39 AM
Re: psuedo setup on openVMS
sudo and the ability to swap usernames is one of the banes of auditors and security folks in general. They *really* don't appreciate the lack of accountability here.
While it is possible (using personas, hglogin, wheel or other such) to do this, force-fitting a solution such as sudo can cause more problems than it solves. OpenVMS isn't Unix, and OpenVMS and its applications work differently than Unix. Far more of the process context is tied to the username and the login environment. Which means having a direct sudo analog doesn't necessarily haul over the login environment, the run-time environment (symbols and logical names), the process quotas, etc.
Process management and authentication and security are among the implementation areas of OpenVMS that are most different from Unix and Linux, too.
OpenVMS provides various alternatives to what sudo and such are used for, including ACLs. (ACLs are not as well developed on various Unix platforms.) Most folks use ACLs and identifiers and subsystem identifiers and such, which are techniques which have some similarities to what you can do with sudo and setuid and such. (And folks are getting away from using setuid on Unix, too.)
So. ... What task is it that you really want to do? What problem(s) are you looking to solve that would lead you to consider sudo? And what are the details of the OpenVMS version and platform here?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-13-2008 08:54 AM
тАО11-13-2008 08:54 AM
Re: psuedo setup on openVMS
this is for auditing purposes so that we know who is using the oracle account and doing what.
regards
the platform is alpha AXP
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-13-2008 08:57 AM
тАО11-13-2008 08:57 AM
Re: psuedo setup on openVMS
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-13-2008 09:02 AM
тАО11-13-2008 09:02 AM
Re: psuedo setup on openVMS
I dont want people logging into this openVMS account directly but rather login into their own account first lets say 'USER1' and then sudo to ORACLE.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-13-2008 09:33 AM
тАО11-13-2008 09:33 AM
Re: psuedo setup on openVMS
ORACLE is exceptionally privileged. Among other things, it has privileges such as CMKRNL, SYSPRV, MOUNT, LOG_IO, WORLD, OPER, SYSNAM, and SYSGBL - plus a couple of others that aren't that nice either. With those privileges available, your users can shut down your box in seconds by acting like ORACLE.
Far better would be that you relax some of the permissions to allow users to see the ORACLE folders. Then grant the users roles within ORACLE that specify what they can and can't do. Have them run the @ORAUSER script with the instance name as the P1 argument (on ORACLE 9) or @[...instancename]ORAUSER (on earlier ORACLE versions).
Now let ORACLE's internal security protect your database and let OpenVMS security protect the rest of the system.
We were lax with ORACLE a few years ago. Some jerk shut down our entire system by going into ORACLE and inadvertantly dropping a table. "Just seeing what I could do", he said.... Users are like that, which is why "USER" is surely counted among the nastiest of the four-letter words.
Good thing we still had the original transactions used to build that table. Otherwise, about x thousand people wouldn't have gotten paid that week. (Yes, it was a payroll-related system.)
If direct access to ORACLE's powers is required for your application, it is time to redo that application. You might not think that is a productive answer, but I assure you that it is a correct one.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-13-2008 09:35 AM
тАО11-13-2008 09:35 AM
Re: psuedo setup on openVMS
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-13-2008 09:55 AM
тАО11-13-2008 09:55 AM
Re: psuedo setup on openVMS
If there is sensitive data, credit card data, healthcare data, regulatory-related data, business-critical data, or anything related to the current and continued operations of your company, the posited approach could well result in career-level problems at a minimum. For you. Directly.
If you need or want to take this course, disclose what you're doing fully to your manager and to corporate legal (if there is any sensitive data here), and get it all in writing.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО11-13-2008 10:19 AM
тАО11-13-2008 10:19 AM
Re: psuedo setup on openVMS
Getting this right requires understanding precisely what is trying to be done.
Managing the ORACLE database has certain requirements, this can be accomplished in some ways other than running things under ORACLE.
ORACLE's management environment has some quirks (I can say this having hit some of them).
I recommend careful review. If needed, get a someone with expertise in in-depth system management to review what the options are [Disclosure: We provide such services, as does Hoff and some other regular contributors].
- Bob Gezelter, http://www.rlgsc.com