Re: Cron management...

  • From: "Mladen Gogala" <dmarc-noreply@xxxxxxxxxxxxx> (Redacted sender "mgogala@xxxxxxxxx" for DMARC)
  • To: oracle-l@xxxxxxxxxxxxx
  • Date: Sun, 12 Apr 2015 22:25:44 -0400

On 04/12/2015 10:11 PM, MARK BRINSMEAD wrote:

The sysadmins here are simply being cautious -- as well they should be. I, too, would be concerned about a network service that runs as "root" and can -- by design -- run any command as any user at any time, based on instructions received from a remote server, and I would also want to be convinced of its safety before deploying it.

Mark, you are aware that this argument can apply to any 3rd party scheduler, even NetBackup itself? Namely, NetBackup has a part that runs as root and executes scripts in /usr/openv/netbackup/bin. What does that mean? That you would install no 3rd party scheduler or NetBackup? That also applies to ssh. By extension, it applies to OEM. If you enable external jobs on the system, the centralized OEM scheduler is designed to execute any command that is configured as a batch job.
Products like OEM, Tidal, Control-M and NetBackup encrypt the communication between the different nodes, usually using SSL. Systems like that usually accept commands from a single IP address and only if properly authorized. Your caution eliminates a whole class of very useful products from being installed. I am all for helping the DBA, when there is a DBA problem. This is not such case.

--
Mladen Gogala
Oracle DBA
http://mgogala.freehostia.com

--
//www.freelists.org/webpage/oracle-l


Other related posts: