Login or Register to Ask a Question and Join Our Community


Red Hat

Sudo as Oracle

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Operating Systems Linux Red Hat Sudo as Oracle
# 1  
Old 07-29-2015
Sudo as Oracle
Dear all ,

Very recently , for audit purpose , we want to avoid generic users like "oracle" for login to our Database Server.
So we create a sudo user "db_user".
But while running sqlplus , we want to switch to user "oracle" and execute it .

Here we dont want to give , password of oracle , rather than ,we need to give sudo password ( which is "db_user" password. )

But sudo to root is possible like "sudo -i"

But sudo to oracle is not possible ,

any ideas please.
# 2  
Old 07-29-2015
You will need something in sudo. If not it, then what?

But you can configure sudo to only allow specific users, like db_user, to switch to oracle. You do not need to hand your system a security blank cheque.
# 3  
Old 07-29-2015
Do you mean a sudo user db_user, or a pseudo-user? The former has rules to execute commands with privileges of another account, where the latter is a pretend or non-personal account.

I'm just confused Smilie


If you want to login as db_user, but then get it to run commands as oracle, you will need to write a sudo rule to allow that.
It could require the db_user password or no password, but all actions will be attributed to the account db_user.

Would it not be better to have people use a personal account and give them the privilege to run the required commands as account oracle instead?


What sort of commands are you wanting to allow it to run? If it is to start/stop the database instance, this can be done during the boot/shutdown automatically which may be better all round.




Robin Smilie
# 4  
Old 07-29-2015
I have a faint memory that oracle allows the mapping of OS users to DB internal users. Wouldn't that help?
# 5  
Old 07-30-2015
Hi,
If you want to use all the commands and privileges like oracle --> in sudoers file gives permission for db_user to switch to oracle. You can access with " #sudo su - oracle " which will not ask for password.

If you want to run only specific commands --> then give permission for only that commands in the sudoers file.
# 6  
Old 07-30-2015
Thanks for all your input , I have solved it by using
Code:
sudo -u oracle -i

and then i got the oracle prompt by entering the password of my account db_user....So that logs also get updated ....

Thanks
Last edited by rbatte1; 08-06-2015 at 09:10 AM..
Login or Register to Ask a Question

Previous Thread | Next Thread

7 More Discussions You Might Find Interesting

1. UNIX and Linux Applications

Identify a specific environment Oracle variable to connect a remote Oracle database ?

Good evening I nned your help pls, In an unix server i want to connect to a remote oracle databse server by sqlplus. I tried to find out the user/passwd and service name by env variable and all Ive got is this: ORACLE_SID_REPCOL=SCL_REPCOL ORACLE_SID=xmeta ORACLE_SID_TOL=SCL_PROTOLCOL... (2 Replies)
Discussion started by: alexcol
2 Replies

2. Shell Programming and Scripting

sudo: sorry, you must have a tty to run sudo

Hi, Have a need to run the below command as a "karuser" from a java class which will is running as "root" user. When we are trying to run the below command from java code getting the below error. Command: sudo -u karuser -s /bin/bash /bank/karunix/bin/build_cycles.sh Error: sudo: sorry,... (8 Replies)
Discussion started by: Satyak
8 Replies

3. Shell Programming and Scripting

sudo: sorry, you must have a tty to run sudo

Hi All, I running a unix command using sudo option inside shell script. Its working well. But in crontab the same command is not working and its throwing "sudo: sorry, you must have a tty to run sudo". I do not have root permission to add or change settings for my userid. I can not even ask... (9 Replies)
Discussion started by: Apple1221
9 Replies

4. Shell Programming and Scripting

ssh foo.com sudo command - Prompts for sudo password as visible text. Help?

I am writing a BASH script to update a webserver and then restart Apache. It looks basically like this: #!/bin/bash rsync /path/on/local/machine/ foo.com:path/on/remote/machine/ ssh foo.com sudo /etc/init.d/apache2 reloadrsync and ssh don't prompt for a password, because I have DSA encryption... (9 Replies)
Discussion started by: fluoborate
9 Replies

5. AIX

sudo log and sudo auditing

Sudo In AIX, how to find out what commands have been run after a user sudo to another user? for example, user sam run 'sudo -u robert ksh' then run some commands, how can I (as root) find what commands have been run? sudo.log only contains sudo event, no activity logging. (3 Replies)
Discussion started by: jalite19
3 Replies

6. Cybersecurity

sudo /bin/sh or sudo su -

we are looking at changing the way we get root on our network. in our current system if an admin needs root access he just gets the root password and uses an su. some of our staff have decided that a sudo to "/bin/sh" will be easer. some of our staff think a sudo to "su -" will be better. I... (0 Replies)
Discussion started by: robsonde
0 Replies

7. UNIX for Dummies Questions & Answers

Unable to use the Sudo command. "0509-130 Symbol resolution failed for sudo because:"

Hi! I'm very new to unix, so please keep that in mind with the level of language used if you choose to help :D Thanks! When attempting to use sudo on and AIX machine with oslevel 5.1.0.0, I get the following error: exec(): 0509-036 Cannot load program sudo because of the following errors:... (1 Reply)
Discussion started by: Chloe123
1 Replies
Login or Register to Ask a Question