To add to what Jared has already said, perhaps even use a set of scripts to
enable very specific functionality via sudo, instead of granting access to
all functions of e.g. srvctl, crsctl, etc...
On May 29, 2015 9:53 PM, "Jared Still" <jkstill@xxxxxxxxx> wrote:
On Fri, May 29, 2015 at 7:38 AM, Chris King <ckaj111@xxxxxxxx> wrote:
What would you recommend as an overall method of granting the least
possible privileges on the linux side? For instance, to restart dbconsole
will require login as oracle, which I'd rather avoid giving away, but not
sure that's possible.
If the number of commands they need to run as oracle is limited, don't
give them the oracle login, setup sudo instead.
Jared Still
Certifiable Oracle DBA and Part Time Perl Evangelist
Principal Consultant at Pythian
Pythian Blog http://www.pythian.com/blog/author/still/
Oracle Blog: http://jkstill.blogspot.com
Home Page: http://jaredstill.com
