Most of the time, when a third-party app is requested instead of the
functionality offered by the OS, it is for other compliance reasons, such as
central management and reporting of rights across the organization.
Matthew Parker
Chief Technologist
Dimensional DBA
425-891-7934 (cell)
D&B 047931344
CAGE 7J5S7
Dimensional.dba@xxxxxxxxxxx
www.dimensionaldba.com
From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On
Behalf Of Fernando N. de Souza
Sent: Thursday, June 16, 2016 6:25 AM
To: pete.sharman@xxxxxxxxxx
Cc: oracle-l@xxxxxxxxxxxxx
Subject: Re: Question regarding sudo equivalents
Peter,
All our db servers run on Solaris. Our sysadmins configured the oracle user as
a role (RBAC) and granted the DBAs the ability to type "su - oracle" in order
to log in as oracle. That was how we did it, until we went to OEM 12c and needed
to do things like patching and other tasks that require agent authentication.
OEM does not support authenticating into the oracle user when it is configured
as a role. After some back and forth with the sysadmins and a decree from
management, sudo was installed on all Solaris servers.
In our case, it would be very helpful if OEM supported authentication and
privilege delegation to an oracle user configured as a role. It would eliminate
the need to install sudo on our Solaris servers. I'm a big fan of sudo, but
it's not needed in our environment because Solaris RBAC provides the same
functionality.
According to the sysadmins, RBAC accounts have advantages like preventing
remote connections directly into the oracle account, better auditing, etc. But
I'm not a sysadmin and can't give many details on that.
I hope it helps.
--
Fernando.
To educate a man in mind and not in morals is to educate a menace to society.
Theodore Roosevelt
On Mon, Jun 13, 2016 at 7:08 PM, Peter Sharman <pete.sharman@xxxxxxxxxx> wrote:
Folks
Got a question for you which you can answer on or off-list depending on your
preferences - that is, if you want to answer at all! :)
If you need secured access to root (i.e. sudo-like functionality) what are you
using to get that access? The reason I’m asking is because I was on a call
with a customer this morning and they said sudo was old hat and no-one in their
industry uses it any more. Now that’s the first I’ve heard of that, as just
about every customer I’ve dealt with apart from this particular customer is
using sudo quite happily. I occasionally run across PowerBroker, but that’s
about it. I’d be interested to find what people are using, particularly since
Enterprise Manager supports sudo or PowerBroker to get this functionality, and
if people are moving away from that we need to look at broadening what we
support in the product.
Thanks!
Pete
Pete Sharman
Database Architect, DBaaS / DBLM
Enterprise Manager Product Suite
33 Benson Crescent CALWELL ACT 2905 AUSTRALIA
Phone: +61262924095 | Mobile: +61414443449
Email: pete.sharman@xxxxxxxxxx Twitter: @SharmanPete
LinkedIn: au.linkedin.com/in/petesharman
Website: petewhodidnottweet.com
_____
"Controlling developers is like herding cats."
Kevin Loney, Oracle DBA Handbook
"Oh no, it's not, it's much harder than that!"
Bruce Pihlamae, long term Oracle DBA
_____