Results 1 to 7 of 7
  1. #1
    Join Date
    Aug 2004
    Posts
    11

    Unanswered: Can you install/run oracle without root access?

    I am using sudo to remove root from everyone other than our system security specialists. Has anyone ever used sudo to install oracle? Does the oracle admin ever need root during the install/administration process, other than root setting up system variables, file systems, for the oracle user id initially?

    thank you ,

    Sysparman

  2. #2
    Join Date
    Aug 2003
    Location
    Where the Surf Meets the Turf @Del Mar, CA
    Posts
    7,776
    Provided Answers: 1
    Yes, at one point you need to invoke root.sh running as root.
    You can lead some folks to knowledge, but you can not make them think.
    The average person thinks he's above average!
    For most folks, they don't know, what they don't know.
    Good judgement comes from experience. Experience comes from bad judgement.

  3. #3
    Join Date
    Aug 2004
    Posts
    11
    Thank you for your response. Do I not need to run rootpre.sh too?

    So it is possible to run/administer Oracle without root, with exeption of root.sh, and/or rootpre.sh, is that correct?

    Thank you

  4. #4
    Join Date
    Jun 2003
    Location
    Toronto, Canada
    Posts
    5,516
    Provided Answers: 1
    Yes I think you're correct. Root privileges are only needed during Oracle software installation: to run that root.sh and may be set up a script in /etc/init.d to start up the Oracle instance automatically. After that you don't need root access.

  5. #5
    Join Date
    Aug 2003
    Location
    Where the Surf Meets the Turf @Del Mar, CA
    Posts
    7,776
    Provided Answers: 1
    >I am using sudo to remove root from everyone other than our system security specialists
    Your goal is admirable, but is ineffective in this case WRT the oracle installs.
    Assume that it is user "oracle" who owns & initiates the Oracle installation.
    If you configure sudo to invoke $ORACLE_HOME/root.sh, I take take control of your system; because the oracle user MUST have write access to root.sh file.
    I could modify root.sh to start by executing visudo to back door your system.

    HTH & YMMV
    You can lead some folks to knowledge, but you can not make them think.
    The average person thinks he's above average!
    For most folks, they don't know, what they don't know.
    Good judgement comes from experience. Experience comes from bad judgement.

  6. #6
    Join Date
    Aug 2004
    Posts
    11
    >Your goal is admirable, but is ineffective in this case WRT the oracle installs.
    Assume that it is user "oracle" who owns & initiates the Oracle installation.
    If you configure sudo to invoke $ORACLE_HOME/root.sh, I take take control of your system; because the oracle user MUST have write access to root.sh file.
    I could modify root.sh to start by executing visudo to back door your system.


    Well that's a no brainer to tackle.

    1. You do not use variable pathing in the sudo definition. EX : $HOME_ORACLE

    2. You use an NFS mount with 755 options to hold all installable software that sudo will reference.

    3. You have an admin run root.sh, or rootpre.sh for the DBA.


    root access not needed, but for a second! Go figure, it actually works.

    Thanks for your help everyone.
    Last edited by sysparman; 10-06-04 at 22:21.

  7. #7
    Join Date
    May 2010
    Posts
    4
    Root.sh is needed to be run for soem activities like changing permissions and creating links - it contais a plethora of commands starting rm, mkdir, chown, mv, chmod etc Hope it helps

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •