Re: Different OS user to start/stop listener
- From: Brent Day <coloradodba@xxxxxxxxx>
- To: exriscer@xxxxxxxxx, pete@xxxxxxxxxxxxxxxx, Oracle Mailinglist <oracle-l@xxxxxxxxxxxxx>
- Date: Fri, 4 Nov 2011 14:29:01 -0600
Have you looked into using sudo or powerbroker? Either of these options
should provide you with the ability to grant a specific user or group of
users the ability to execute commands. We utilize sudo to allow our
offshore resources to execute a variety of Oracle commands under their own
account. This allows us to track and monitor things and does't give away
the keys to the kingdom.
Brent
On Fri, Nov 4, 2011 at 2:19 PM, LS Cheng <exriscer@xxxxxxxxx> wrote:
> Hi Peter
> The reason I am trying to do this is that I am going to give some operators
> privilege to start/stop listener and the database, hence I have created
> osoper group.
>
> The thing is that each operator has their own OS user and each of them
> requieres osoper, if only one user can manage the listener then I have a
> big problem, if the guy who started the listener is not in his shift I will
> have to call root to stop/kill his process.
>
> I just found the option to relax the security o revert to older version
> behaviour by setting LOCAL_OS_AUTHENTICATION_LISTENER to OFF, this solves
> the problem everyone in osdba and osoper group can start/stop the listener
> but the log problem still persists due to the 640 permission.
>
> If relaxing is not a good option, I guess my only choice to solve both
> issues is create a generic osoper user to manage the listener process?
>
> Thank you
>
> --
> LSC
>
>
--
//www.freelists.org/webpage/oracle-l
Other related posts:
