HPE Community
Operating System - HP-UX
1832363 Members
2614 Online
110041 Solutions
New Discussion

Super-User rights for Oracle

 
Jeffrey Killian
Frequent Advisor

‎03-13-2003 05:35 AM

‎03-13-2003 05:35 AM

Super-User rights for Oracle

We have an Oracle DBA that wants to use the mknod command to create pipes to somehow improve performance of the DB. When he issues the command as the "Oracle" user, he gets "must be super-user" error. I suggested that he su to a super user profile (or root) to work the command. Is there any reason why I souldn't (can't) allow the "Oracle" user to have super-user rights?
0 Kudos
Reply
10 REPLIES 10
Pete Ellis
Trusted Contributor

‎03-13-2003 05:39 AM

‎03-13-2003 05:39 AM

Re: Super-User rights for Oracle

DON'T DO IT, they can use the mkfifo command to makes pipes.
0 Kudos
Reply
Pete Randall
Outstanding Contributor

‎03-13-2003 05:42 AM

‎03-13-2003 05:42 AM

Re: Super-User rights for Oracle

Lots of reasons, actually. You're giving away the "keys to the kingdom". Do you really want someone with an questionable knowledge level to have the ability to change ANYTHING on your system? I was once forced by management to share the root password with application programmers. It didn't take more than a week before one of them brought the system to it's knees by using a huge negative nice value so his "process would run faster". I still keep his fingers, pickled, in a jar on my desk with a sign that says "don't let this happen to you".

I would suggest that you look at sudo to give this person the specific command access they need (and I would think carefully before even granting that access). You can download it from the Porting and Archive Center:

http://hpux.cs.utah.edu/hppd/hpux/Sysadmin/sudo-1.6.6/



Pete

Pete
0 Kudos
Reply
Yogeeraj_1
Honored Contributor

‎03-13-2003 05:42 AM

‎03-13-2003 05:42 AM

Re: Super-User rights for Oracle

hi,

"to somehow improve performance of the DB"
also ellaborate on how your Oracle DBA plans to do it.

We can help with other alternatives also...

revert
Regards
Yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (clavin coolidge)
0 Kudos
Reply
melvyn burnard
Honored Contributor

‎03-13-2003 06:28 AM

‎03-13-2003 06:28 AM

Re: Super-User rights for Oracle

Yes, It is known as the " able to sleep soundly" reason.
with those rights, they will be able to do ANYTHING, whether correctly, or incorrectly.
This would not let me sleep well.
My house is the bank's, my money the wife's, But my opinions belong to me, not HP!
0 Kudos
Reply
A. Clay Stephenson
Acclaimed Contributor

‎03-13-2003 07:09 AM

‎03-13-2003 07:09 AM

Re: Super-User rights for Oracle

MY standard answer to this request is to ask him for the sys and system database password so that you can improve performance. Somehow they view that as different. Root privilidges should be reserved to a very small group of people. In fact, you should not even normally login as root but rather as a regular user just to make certain that you don't accidently become your own worst enemy. As mentioned, the mkfifo command can be used for this purpose. If there are legitimate reason to grant root usage then either use sudo (available from any of the HP-UX Porting Centre's) for a specific set of commands or create setuid wrappers.
If it ain't broke, I can fix that.
0 Kudos
Reply
Jeffrey Killian
Frequent Advisor

‎03-13-2003 07:33 AM

‎03-13-2003 07:33 AM

Re: Super-User rights for Oracle

The improvement that the DBA speaks of is during an export. He would "create a pipe to compress a file while doing an export."

BTW - I do have (and use) the sysman & sysadm passwords and will "jump in" as necessary when I find run-away jobs.


I will look at SUDO and MKFIFO to see if they will do the trick.
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎03-13-2003 09:33 AM

‎03-13-2003 09:33 AM

Re: Super-User rights for Oracle

The answer is simple. No.

Oracle is clear that you should not make the root user the owner of the database application. Giving that user root priviledges creates the same problems.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Volker Borowski
Honored Contributor

‎03-13-2003 11:19 AM

‎03-13-2003 11:19 AM

Re: Super-User rights for Oracle

Hi,

he should not need to create them all the time.

Create him a couple of "pipe*" and

chmod oracle:dba pipe*

them. He can use them as he likes.
Do not remove them, they do not expire :-)
He can reuse them as he likes.

Volker
0 Kudos
Reply
Yogeeraj_1
Honored Contributor

‎03-13-2003 08:13 PM

‎03-13-2003 08:13 PM

Re: Super-User rights for Oracle

hi,

you also consider using
exp files=(file1.dmp,file2.dmp,file3.dmp,....) filesize=N


and export will create many dmp files, each N bytes in size -- see the server
utilities guide for all of the details.

hth
Yogeeraj
No person was ever honoured for what he received. Honour has been the reward for what he gave (clavin coolidge)
0 Kudos
Reply
Alexander M. Ermes
Honored Contributor

‎03-13-2003 10:35 PM

‎03-13-2003 10:35 PM

Re: Super-User rights for Oracle

Hi there.
If these jobs are done by different people,
don't do it. Pipes can be created with mkfifo.
Also running the root.sh script should only be done by a sysadmin, not a dba.
At my place i do both jobs and i would never su from the oracle user.
Rgds
Alexander M. Ermes
.. and all these memories are going to vanish like tears in the rain! final words from Rutger Hauer in "Blade Runner"
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.