Re: Question regarding sudo equivalents

From: "Fernando N. de Souza" <fnantes@xxxxxxxxx>
To: pete.sharman@xxxxxxxxxx
Date: Thu, 16 Jun 2016 09:25:15 -0400

Peter,

All our db servers run on Solaris. Our sysadmins configured the oracle user
as a role (RBAC) and granted the dbas the ability to type "su - oracle" in
order to login as oracle. That was how we did it, until we went to OEM 12c
and needed to do things like patching and other tasks that require agent
authentication. OEM does not support authenticating into the oracle user
when it is configured as a role. After some back and forth with the
sysadmins and a decree from management, sudo was installed on all Solaris
servers.

In our case, it would be very helpful if OEM supported authentication and
privilege delegation to an oracle user configured as a role. It would
eliminate the need to install sudo on our Solaris servers. I'm a big fan of
sudo, but it's not needed in our environment because Solaris RBAC provides
the same functionality.

According to the sysadmins, RBAC accounts have advantages like preventing
remote connections directly into the oracle account, better auditing, etc.
But I'm not a sysadmin and can't give much details on that.

I hope it helps.

--
Fernando.

To educate a man in mind and not in morals is to educate a menace to
society.
Theodore Roosevelt

On Mon, Jun 13, 2016 at 7:08 PM, Peter Sharman <pete.sharman@xxxxxxxxxx>
wrote:

Folks

Got a question for you which you can answer on or off-list depending on
your preferences - that is, if you want to answer at all! J

If you need secured access to root (i.e. sudo-like functionality) what are
you using to get that access?  The reason I’m asking is because I was on a
call with a customer this morning and they said sudo was old hat and no-one
in their industry uses it any more.  Now that’s the first I’ve heard of
that, as just about every customer I’ve dealt with apart from this
particular customer is using sudo quite happily.  I occasionally run across
PowerBroker, but that’s about it.  I’d be interested to find what people
are using, particularly since Enterprise Manager supports sudo or
PowerBroker to get this functionality, and if people are moving away from
that we need to look at broadening what we support in the product.

Thanks!

Pete

[image: Oracle logo]

Pete Sharman
Database Architect, DBaaS / DBLM
Enterprise Manager Product Suite
33 Benson Crescent CALWELL ACT 2905 AUSTRALIA

Phone: +61262924095 | | Mobile: *+61414443449 <%2B61414443449>*
Email: pete.sharman@xxxxxxxxxx  Twitter: @SharmanPete  LinkedIn:
au.linkedin.com/in/petesharman
Website: petewhodidnottweet.com
------------------------------

"Controlling developers is like herding cats."

Kevin Loney, Oracle DBA Handbook

"Oh no, it's not, it's much harder than that!"

Bruce Pihlamae, long term Oracle DBA
------------------------------

Follow-Ups:
- RE: Question regarding sudo equivalents
  - From: Dimensional DBA

References:
- Question regarding sudo equivalents
  - From: Peter Sharman

Re: Question regarding sudo equivalents

Other related posts: