[sudo-workers] Installing Application without full sudo privilege

Brian L Farrell blfarrell at ra.rockwell.com
Fri Feb 13 10:17:20 EST 2009


If you setup the server properly (system settings for shared memory etc, 
account(s), group(s) etc).  Then you only need root for the root.sh 
script.  You can create a script to do the equivalent of the root.sh 
taking the oracle SID as an argument to do what you need done as root to 
support oracle installs.

For information on analysis of  locking down oracle you can check out 
project lockdown: 
for more details.

Then the sudo configuration is really only configuring it so that all 
dba's (controlled by a Unix group for simplicity) can run the oracle root 
command scripts:

User_Alias      DBALIST = %dbagroup

Hope this helps.

Brian Farrell

Asif Iqbal <vadud3 at gmail.com> 
Sent by: sudo-workers-bounces at courtesan.com
02/13/2009 08:23 AM

sudo-users at sudo.ws, sudo-workers at sudo.ws

[sudo-workers] Installing Application without full sudo privilege

Hi All

My application team needs to install Oracle on hosts. They are asking
for full sudo privilege, so that they can install app as root.

Is there a lesser privilege that you can suggest then
  user ALL=(ALL) ALL


Asif Iqbal
PGP Key: 0xE62693C5 KeyServer: pgp.mit.edu
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
sudo-workers mailing list <sudo-workers at sudo.ws>
For list information, options, or to unsubscribe, visit:

More information about the sudo-workers mailing list