Operating System - HP-UX

How to make one user has READ ONLY access to all "oracle" files?

 
yyghp
Super Advisor

One user asked to have READ ONLY access to ALL oracle directories/files, which are owned by "oracle:oinstall". I can't let this user use the "oracle" account, and I can't add the user into "oinstall". The "oracle" directories and files are all over the filesystem, and most of them are like "-rwxr-x---" or "-rw-r-----". It's not good to "chmod" all of them to "o+rx" for directories and "o+r" for files, because I don't want other users to read those dirs/files.
So, any suggestion for this issue?
Thanks a lot!
Pete Randall
Outstanding Contributor

Re: How to make one user has READ ONLY access to all "oracle" files?

Can you make him part of the group "oinstall"? If not, then you would have to set something up with sudo, I guess.


Pete
yyghp
Super Advisor

Re: How to make one user has READ ONLY access to all "oracle" files?

No, I can't add the user into the "oinstall" group.
john korterman
Honored Contributor

Re: How to make one user has READ ONLY access to all "oracle" files?

Hi,

One way would be to assign the user to the necessary groups and then let him change to the relevant group himself with "newgrp" when necessary. However, if you do not want to assign him to oinstall in the first place, this limits the possibilities, but if files in group oinstall have read permission for "others" you might still be able to puzzle something together by assigning the user to different secondary groups.

regards,
John K
it would be nice if you always got a second chance
A. Clay Stephenson
Acclaimed Contributor

Re: How to make one user has READ ONLY access to all "oracle" files?

It would be something of a pain for just 1 user but you could set up ACLs. I can't imagine why someone would want read-only access at the OS level to Oracle files because I can't think of a legitimate reason why anyone would ever access Oracle data w/o going through the database itself. If this is some sort of security auditor then a good compromise might be a cron'ed or sudo'ed task that does a find looking for all these files and displays an ls -l and checksum for each file. He would then only need access to this listing.
If it ain't broke, I can fix that.
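
The listing suggested in the last reply (a find over the Oracle-owned files with an `ls -l` and a checksum for each), sketched as an added example that is not code from any poster in this thread. The function name, its four arguments and the reader group are assumptions.

```shell
#!/bin/sh
# Added example. Assumptions: owner, root directory, report path and reader
# group are supplied by the caller; none of these values come from the thread.
# Usage: oracle_file_report OWNER ROOT REPORT GROUP
oracle_file_report() (
    owner=$1 root=$2 report=$3 group=$4
    umask 077            # listing stays private until the final chmod
    tmp="$report.$$"     # keep the report directory writable only by this job
    # One line per file or directory owned by OWNER: checksum, TAB, ls -ld output.
    # -xdev keeps find on one filesystem, so call the function once per filesystem.
    find "$root" -xdev -user "$owner" \( -type f -o -type d \) -exec sh -c '
        for p do
            meta=$(ls -ld "$p") || continue     # entry vanished since find saw it
            sum=-                               # directories get no checksum
            if [ -f "$p" ]; then
                if [ -r "$p" ]; then
                    sum=$(cksum < "$p" | awk "{print \$1}")
                else
                    sum=unreadable
                fi
            fi
            printf "%s\t%s\n" "$sum" "$meta"
        done' sh {} + > "$tmp" || { rm -f "$tmp"; exit 1; }
    # The reader group gets read access to the listing only, never to the files.
    chgrp "$group" "$tmp" && chmod 640 "$tmp" && mv "$tmp" "$report"
)
```

Run from root's crontab or behind a sudo rule, the job reads the files itself and the requesting user only ever opens the report, so no permissions on the oracle:oinstall files change.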