Operating System - HP-UX

su as oracle in a script is there a way to pass the password

 
Jim Tropiano_1
Frequent Advisor

su as oracle in a script is there a way to pass the password

Want to run a script as, for example, the oracle user with the same capabilities as oracle.

When the script runs, the UID is = 0 (root) and the euid is oracle - I want any certain user to run this script but get the capabilities of oracle when it runs.
Rick Garland
Honored Contributor

Re: su as oracle in a script is there a way to pass the password

When running this script as root UID=0

su - oracle -c "your_script_name.ksh"

This will run the script as the oracle user, picking up the oracle environment.
Mel Burslan
Honored Contributor

Re: su as oracle in a script is there a way to pass the password

Keeping security concerns on top of your priorities list, you can encapsulate your command in another shell script as such:

su - oracle -c "/full/path/to/my/script.sh"

It will inherit the oracle user's shell environment while running your script.
________________________________
UNIX because I majored in cryptology...
TwoProc
Honored Contributor

Re: su as oracle in a script is there a way to pass the password

From what little information you've supplied here, I'm guessing that the best and most secure way to get this functionality is with the "sudo" command, which can be downloaded from the HPUX Porting Archive. If it is an administrative type of thing (shutdown Oracle, startup Oracle, backup Oracle) - you can also use SAM and configure the user menus in there and give a user permissions to run an Oracle script which would have the password buried inside (don't leave permissions for others to read the file please!). That way, the user that's running the script can't read it, and won't know your Oracle password, and you can limit who can run the script via login restrictions.
We are the people our parents warned us about --Jimmy Buffett
Jim Tropiano_1
Frequent Advisor

Re: su as oracle in a script is there a way to pass the password

Sorry, I was mistaken - I will be signed on as a different user, not root, like user1, then somehow want to run as oracle to bring up or down an instance.
Patrick Wallek
Honored Contributor

Re: su as oracle in a script is there a way to pass the password

Your best bet would be to look into a program such as sudo.

This would allow users to run the script as root, thus allowing the script to su to oracle without requiring a password.

You can get sudo from:

SUDO Homepage:
http://www.gratisoft.us/sudo/

The Porting and Archiving Centre for HP-UX: http://hpux.connect.org.uk/hppd/hpux/Sysadmin/sudo-1.6.8p7/
Mel Burslan
Honored Contributor

Re: su as oracle in a script is there a way to pass the password

In short of giving out the oracle account's password to anyone who will do this, you can do it via sudo on the free side or if you want better logging for audit purposes, you can go with powerbroker from http://www.symark.com.

Either provides the functionality you are looking for. One is free, i.e., you are on your own, the other requires a licensing fee and comes with handholding when you are in trouble.

Take your pick.
________________________________
UNIX because I majored in cryptology...
Rick Garland
Honored Contributor

Re: su as oracle in a script is there a way to pass the password

As mentioned by others, use SUDO.

The application will keep logs of who did the deed and when.

Can be downloaded from HP or from www.courtsean.com at no charge.
Jim Tropiano_1
Frequent Advisor

Re: su as oracle in a script is there a way to pass the password

Thanks for all the input. It was helpful.

We are also brainstorming to come up with an alternative way. One way might be creating a file that is owned by oracle and is just RW at the owner level and passing that to a script by setting the sticky bit to run as the owner of the script.

C. Beerse_1
Regular Advisor

Re: su as oracle in a script is there a way to pass the password

There are many ways to pass the password; there are even ways to do without.

The original unix way is to make the uid of the script 'oracle' and set the s-bit. Especially for scripts, this is considered insecure; however, it will get you going.

To have a more secure way using s-bits, use tools like `super` or `sudo`. They have some means of control on who can run it and/or if a password is required (the originating user's password, not oracle's). They also provide some logging.

Then there is the `remsh localhost -l oracle` way: This both changes the uid and the euid.
make everything as simple as possible, not simpler (A.Einstein??)
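
The sudo approach recommended in the replies above, as an added example that is not part of any post in this thread: a sudoers fragment that lets user1 start or stop an instance as oracle without ever knowing the oracle password. The script path, the alias names and the log file location are assumptions.

```sudoers
# Added example: sudoers fragment, to be edited with visudo.
# Assumptions (not from the thread): the script path, the alias names
# and the log file location.

User_Alias   DBOPS   = user1
Runas_Alias  ORA     = oracle
Cmnd_Alias   ORA_CTL = /opt/oracle/admin/bin/dbctl.sh start, \
                       /opt/oracle/admin/bin/dbctl.sh stop

# Keep a record of who ran what and when.
Defaults logfile=/var/adm/sudo.log

# Too broad: any command, as any user, with no password prompt.
# DBOPS  ALL = (ALL) NOPASSWD: ALL

# Scoped: only the two command lines above, and only as oracle.
# sudo asks for the invoking user's own password, never oracle's.
DBOPS  ALL = (ORA) ORA_CTL
```

With this rule user1 runs `sudo -u oracle /opt/oracle/admin/bin/dbctl.sh start`, and any other command or argument is refused and logged. The script and its directory should be writable only by oracle or root, since anyone who can edit the script can run arbitrary commands as oracle.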
Jim Tropiano_1
Frequent Advisor

Re: su as oracle in a script is there a way to pass the password

Thanks for the responses.