Re: Cron management...
- From: "Mladen Gogala" <dmarc-noreply@xxxxxxxxxxxxx> (Redacted sender "mgogala@xxxxxxxxx" for DMARC)
- To: oracle-l@xxxxxxxxxxxxx
- Date: Sun, 12 Apr 2015 22:25:44 -0400
On 04/12/2015 10:11 PM, MARK BRINSMEAD wrote:
The sysadmins here are simply being cautious -- as well they should
be. I, too, would be concerned about a network service that runs as
"root" and can -- by design -- run any command as any user at any
time, based on instructions received from a remote server, and I would
also want to be convinced of its safety before deploying it.
Mark, you are aware that this argument can apply to any 3rd party
scheduler, even NetBackup itself? Namely, NetBackup has a part that runs
as root and executes scripts in /usr/openv/netbackup/bin. What does that
mean? That you would install no 3rd party scheduler or NetBackup? That
also applies to ssh. By extension, it applies to OEM. If you enable
external jobs on the system, the centralized OEM scheduler is designed
to execute any command that is configured as a batch job.
Products like OEM, Tidal, Control-M and NetBackup encrypt the
communication between the different nodes, usually using SSL. Systems
like that usually accept commands from a single IP address and only if
properly authorized. Your caution eliminates a whole class of very
useful products from being installed. I am all for helping the DBA, when
there is a DBA problem. This is not such case.
--
Mladen Gogala
Oracle DBA
http://mgogala.freehostia.com
--
//www.freelists.org/webpage/oracle-l
Other related posts: