Hi Chris Thanks for your response. So, I think you are saying it's possible to configure sudo like this: If I can only run myscript.sh as root and myscript.sh does "/bin/rm -fr /" , the script will fail because i don't have "/bin/rm" as root. Have I got that right? On 3 Feb 2014, at 17:15, Chris Taylor <christopherdtaylor1994@xxxxxxxxx> wrote: > sudo is setup to limit what you can run - so even if you have sudo access and > you modify the root.sh script, you can still _only_ run what you have sudo > access to do. So, as long as your sudo setup is correct, there is nothing > you can do in the root.sh script that can cause damage. Another way to look > at it - if you have sudo access and there is something damaging you can do, > you can do it without modifying the root.sh script. The dependency here is > that sudo is setup correctly. > > Chris > > > > On Mon, Feb 3, 2014 at 11:08 AM, Austin Hackett <hacketta_57@xxxxxx> wrote: > Hi List > > If you work in a security conscious environment, I'd be keen to hear how your > site handles the root.sh script. > > To give you some background: > > In my environment, DBAs are currently given direct root access to allow them > to run root.sh. However, the SA Team would like to tighten this up. If giving > the DBAs direct root access isn't acceptable (not even temporarily) then two > options spring to my mind: > > 1) SA team run root.sh on behalf of the DBAs. Geography and logistics in my > organisation are such that having an SA walk over to the DBAs desk is a > realistic option. Our SAs aren't keen on this approach > 2) Give DBAs the ability to run root.sh as the root user via sudo. This, of > course, means that DBAs can run anything they like by editing root.sh, so > doesn't really help. Understandably our SAs don't like this approach > > I am being asked to look into keeping Oracle software version specific > root.sh scripts in a root-owned location (we are Linux only, so no > multi-platform concerns). This would allow for secure sudo privileges. We'd > need these for RDBMS, Grid Infrastructure, and Client. > > However, I've explained the scripts are dynamically generated by > runInstaller and have the Oracle Home path hard-coded into them. We'd need a > root-owned root.sh for every distinct ORACLE_HOME path we create (some hosts > have multiple homes, so there's dbhome_1, dbhome_2 etc.). Maybe there are > other considerations that I'm unaware of - I don't really like to second > guess what else is going on in the "closed box" of the OUI that could be host > dependent. > > To my mind, taking this non-standard approach is more risky than having > someone run the script on our behalf, even if it risks introducing delays > into the build process. > > How is this handled in your organisation? Have you ever been asked to have a > centralised set of root.sh scripts under root control for this reason? Have > you made it work? > > If anyone has some time to share their experiences, it would be much > appreciated. > > Regards > > Austin > > > > > > > -- > //www.freelists.org/webpage/oracle-l > > >