Re: Oracle 8i - Create database by non product owner (e.g. oracle)

Imprecise <f_puhan_at_precise.com> wrote in message news:<f_puhan-5335A3.22513117062002_at_vienna7.his.com>...
> In article <e3b3b67b.0206171837.25df169b_at_posting.google.com>,
> earthy_at_hkicable.com (Frankie Li) wrote:
>
> Please explain why you don't want *files* owned by a specific user.
> Because that's what it appears you are asking for.
>

One of the concern is that once this single a/c (e.g. oracle) is hacked, all Oracle files will be deleted under UNIX level.

> Oracle (the account you used to install the product) "owns" the
> binaries, data files, scripts, libraries, etc. The oracle account is
> typically a member of the dba group. Group members, then, have access
> to Oracle (the product)'s programs and database.
>
> Once the *files* are created, access to it is controlled through the
> users who are created internal to the instance. Granting access to one
> database instance does NOT automatically grant access to another. Each
> is, for all intents and purposes, a separate entity.
>

Yeah, I also understand that Oracle itself can have a very good internal security control. As a result, I only want to explore if there is anything we can, or we need to do in UNIX level.

I am not insisting to own the data files by others. I only want to know if it is feasible or practical. If the answer is "No", I will stop wasting my time in this concern.

As you can see from my previous mail, I am very new to Oracle. So maybe some of my view is not professional judged by a DBA.

Another thing bother me is that the world-permission of Oracle product. I really want to tell others that it's Oracle's recommendation and we better stick to it. But I know I will be challenged by our security guys later for allowing all users in the servers to execute/manupilate Oracle files. Any idea other than Oracle internal security control?

Earthy Received on Tue Jun 18 2002 - 06:06:59 CDT