Oracle Passwords in Unix scripts: Post 302194764 by Smiling Dragon on Tuesday 13th of May 2008 07:02:09 PM
FWIW, storing the password in an environment variable makes the information available to all users with access to a bsd ps on the box.

Are you able to use sudo? You could store the passwords in a central set of files, readable only by specific groups.

Create specific system users and allocate them to the appropriate groups.

You can then allow certain users to run your various scripts as the specific system users. Your script then goes and looks up the file in question for the DB and uses the password contained within.

This also gives you the ability to create a script for retrieving passwords inline for users with the appropriate rights (say admins only?) to use in _any_ script they want.

eg:
Code:
some_oracle_supplied_command -user `sudo -u orapass /usr/local/bin/get_the_username MY_DB` -pass `sudo -u orapass /usr/local/bin/get_the_password MY_DB`
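
The lookup scheme described in the post above, as an added example that is not part of the original post: a possible body for the get_the_password helper that the sudo call runs as the orapass user. The store directory, the .pw file naming, the expected file modes, the exit codes and the dbadmins group in the sudoers comment are assumptions made for this example.

```shell
#!/bin/sh
# Possible body for /usr/local/bin/get_the_password (added example).
# Assumptions, not from the post: one file per database in $ORAPASS_DIR named
# <DB>.pw, owned by the orapass user, mode 0400 or 0440, password on line 1.
# Assumed sudoers rule (dbadmins is a made-up group):
#   %dbadmins ALL=(orapass) NOPASSWD: /usr/local/bin/get_the_password
ORAPASS_DIR="${ORAPASS_DIR:-/usr/local/etc/orapass}"

# get_the_password DB -> prints the password; non-zero status on refusal.
get_the_password() {
    db="$1"
    # Plain identifiers only, so the argument cannot leave the store
    # directory (rejects '/', '..', whitespace and the empty string).
    case "$db" in
        ''|*[!A-Za-z0-9_]*) echo "invalid database name" >&2; return 2 ;;
    esac
    f="$ORAPASS_DIR/$db.pw"
    # Regular file only; a symlink could point at some other secret.
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "no entry for $db" >&2; return 3
    fi
    # Refuse a file that is group-writable or open to others in any way:
    # the store no longer matches "readable only by specific groups".
    bad=$(find "$f" -prune \( -perm -0020 -o -perm -0004 \
                              -o -perm -0002 -o -perm -0001 \))
    if [ -n "$bad" ]; then
        echo "unsafe permissions on $f" >&2; return 4
    fi
    pw=''
    IFS= read -r pw < "$f" || :   # a missing final newline is fine
    [ -n "$pw" ] || { echo "empty entry for $db" >&2; return 5; }
    printf '%s\n' "$pw"
}

# Run as a script when given an argument: get_the_password MY_DB
if [ "$#" -gt 0 ]; then get_the_password "$@"; fi
```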

 

PASSWD(5)							File Formats Manual							 PASSWD(5)

NAME
passwd, group, shadow - user and group databases, shadow passwords

SYNOPSIS
     /etc/passwd
     /etc/group
     /etc/shadow

DESCRIPTION
/etc/passwd lists all the users of the system, and /etc/group lists all the groups the users may belong to. Both files also contain encrypted passwords, numeric ID's etc. Encrypted passwords may be hidden in the file /etc/shadow if extra protection is warranted.

Each file is a text file containing one line per user or group. The data fields on a line are separated by colons. Each line in the password file has the following form:

     name:passwd:uid:gid:gecos:dir:shell

The name field is the login name of a user, it is up to 8 letters or numbers long starting with a letter. The login name must be unique. The password field is either empty (no password), a 13 character encrypted password as returned by crypt(3), or a login name preceded by two number signs (#) to index the shadow password file. Anything else (usually *) is invalid. The uid and gid fields are two numbers indicating the user's user-id and group-id. These id's do not have to be unique, there may be more than one name with the same id's. The gecos field can be set by the user. It is expected to be a comma separated list of personal data where the first item is the full name of the user. The dir field is the path name of the user's home directory. Lastly the shell field is the path name of the user's login shell, it may be empty to indicate /bin/sh. A Minix specific extension allows the shell field to contain extra space separated arguments for the shell.

Lines in the group file consist of four fields:

     name:passwd:gid:mem

The name field is the name of the group, same restrictions as a login name. The passwd field may be used to let users change groups. The gid field is a number telling the group-id. The group-id is unique for a group. The mem field is a comma separated list of login names that are special members of the group. If a system supports supplementary group id's then a user's set of supplementary group id's is set to all the groups they are a member of. If a system allows one to change groups then one can change to a group one is a member of without using the group's password.

The shadow password file has precisely the same form as the password file, except that only the name or passwd fields are used as yet. The other fields are zero or empty. A password in the password file may have the form ##user to indicate the entry user in the shadow password file. The password in this entry is then used for authentication of the user. The shadow file can only be read by the privileged utility pwdauth(8), so that the encrypted passwords in the shadow file are kept secret, and thus safe from a dictionary attack.

Special password and group file entries
There are several entries in the password and group files that are preallocated for current or future use. All id's less than 10 are reserved. The special password file entries are:

     root:##root:0:0:Big Brother:/usr/src:
     daemon:*:1:1:The Deuce:/etc:
     bin:##root:2:0:Binaries:/usr/src:
     uucp:*:5:5:UNIX to UNIX copy:/usr/spool/uucp:/usr/sbin/uucico
     news:*:6:6:Usenet news:/usr/spool/news:
     ftp:*:7:7:Anonymous FTP:/usr/ftp:
     nobody:*:9999:99::/tmp:
     ast:*:8:3:Andrew S. Tanenbaum:/usr/ast:

The root id is of course the super user. The daemon id is used by some daemons. Some devices are protected so that only those daemons can access them. The bin id owns all sources and most binaries. The uucp, news and ftp id's are for serial line data transfer, usenet news, or ftp if so needed. The nobody id is used in those cases that a program may not have any privileges at all. The ast id is the honorary home directory for Andrew S. Tanenbaum, the creator of Minix. You can also find the initial contents for a new home directory there.

The special group file entries are:

     operator:*:0:
     daemon:*:1:
     bin:*:2:
     other:*:3:
     tty:*:4:
     uucp:*:5:
     news:*:6:
     ftp:*:7:
     kmem:*:8:
     nogroup:*:99:

Groups with the same name as special user id are used with those id's. The operator group is for the administrators of the system. Users in this group are granted special privileges. The other group is for ordinary users. The tty group is for terminal devices, and associated set-gid commands. Same thing with the kmem group and memory devices.

FILES
     /etc/passwd    The user database.
     /etc/group     The group database.
     /etc/shadow    The shadow password file.

SEE ALSO
login(1), passwd(1), su(1), crypt(3), getpwent(3), getgrent(3), pwdauth(8).

NOTES
The nobody and nogroup id's are likely to be renumbered to the highest possible id's once it is figured out what they are.

AUTHOR
Kees J. Bot (kjb@cs.vu.nl)
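
An added example, not part of the manual page: a small audit helper that classifies the passwd field of each password-file line by the rules in the DESCRIPTION above (empty, ##user shadow index, 13 character crypt(3) string, anything else invalid) and lists accounts with no password. The function names and the guest and alice sample entries are constructed for this example.

```shell
#!/bin/sh
# Added example: classify the passwd field of every /etc/passwd-style line
# by the rules quoted in the man page above. Function names are made up.

# classify_passwd FILE -> one "name:class" line per entry
classify_passwd() {
    awk -F: '
        NF == 0 { next }                                  # skip blank lines
        NF != 7 { print "line" NR ":malformed"; next }    # need 7 fields
        $2 == "" { print $1 ":empty"; next }              # no password
        length($2) > 2 && substr($2, 1, 2) == "##" {
            print $1 ":shadow=" substr($2, 3); next       # ##user index
        }
        length($2) == 13 && $2 ~ "^[./0-9A-Za-z]+$" {
            print $1 ":crypt"; next                       # crypt(3) output
        }
        { print $1 ":invalid" }                           # "*" and the rest
    ' "$1"
}

# no_password_accounts FILE -> login names whose passwd field is empty
no_password_accounts() {
    classify_passwd "$1" | awk -F: '$2 == "empty" { print $1 }'
}

# sample_passwd: three entries from the man page plus two constructed ones
# (guest, alice); the 13-character string is not a real hash.
sample_passwd() {
    cat <<'EOF'
root:##root:0:0:Big Brother:/usr/src:
daemon:*:1:1:The Deuce:/etc:
bin:##root:2:0:Binaries:/usr/src:
guest::100:3:Guest,constructed:/usr/guest:
alice:ab01CDefGH.i/:101:3:Alice,constructed:/usr/alice:/bin/sh
EOF
}
```

On the sample, bin is reported as shadow=root, which makes visible that it authenticates with root's shadow entry.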