[sudo-users] [sudo-workers] Installing Application without full sudo privilege
Brian L Farrell
blfarrell at ra.rockwell.com
Fri Feb 13 10:17:20 EST 2009
Asif,
If you setup the server properly (system settings for shared memory etc,
account(s), group(s) etc). Then you only need root for the root.sh
script. You can create a script to do the equivalent of the root.sh
taking the oracle SID as an argument to do what you need done as root to
support oracle installs.
For information on analysis of locking down oracle you can check out
project lockdown:
http://www.oracle.com/technology/pub/articles/project_lockdown/index.html
for more details.
Then the sudo configuration is really only configuring it so that all
dba's (controlled by a Unix group for simplicity) can run the oracle root
command scripts:
User_Alias DBALIST = %dbagroup
Cmnd_Alias DBA_RUNAS_ROOT_COMMANDS =
/path/to/oracle_root_commands_script
DBA ALL = (root) DBA_RUNAS_ROOT_COMMANDS
Hope this helps.
Brian Farrell
Asif Iqbal <vadud3 at gmail.com>
Sent by: sudo-workers-bounces at courtesan.com
02/13/2009 08:23 AM
To
sudo-users at sudo.ws, sudo-workers at sudo.ws
cc
Subject
[sudo-workers] Installing Application without full sudo privilege
Hi All
My application team needs to install Oracle on hosts. They are asking
for full sudo privilege, so that they can install app as root.
Is there a lesser privilege that you can suggest then
user ALL=(ALL) ALL
Thanks
--
Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
____________________________________________________________
sudo-workers mailing list <sudo-workers at sudo.ws>
For list information, options, or to unsubscribe, visit:
http://www.sudo.ws/mailman/listinfo/sudo-workers
More information about the sudo-users
mailing list