Oracle Passwords in Unix scripts


 
Thread Tools Search this Thread
Top Forums Shell Programming and Scripting Oracle Passwords in Unix scripts
# 1  
Old 05-13-2008
Oracle Passwords in Unix scripts

Hi
Most of the shell scripts I am dealing with have to connect to oracle database . The username password is stored in a environment file which sets the variables for username and password . Set user id do not work on AIX so users who will execute these scripts need to have read or execute permissions on these files . This makes these password available to a large group of people. What should be the solution to hide these passwords or these files from others users .
Regards
Cliffors
# 2  
Old 05-13-2008
FWIW, storing the password in an environment variable makes the information available to all users with access to a bsd ps on the box.

Are you able to use sudo? You could store the passwords in a central set of files, readable only by specific groups.

Create specific system users and allocate them to the appropriate groups.

You can then allow certain users to run your various scripts as the specific system users. Your script then goes and looks up the file in question for the DB and uses the password contained within.

This also gives you the ability to create a script for retrieving passwords inline for users with the appropriate rights (say admins only?) to use in _any_ script they want.

eg:
Code:
some_oracle_supplied_command -user `sudo -u orapass /usr/local/bin/get_the_username MY_DB` -pass ``sudo -u orapass /usr/local/bin/get_the_password MY_DB`

# 3  
Old 05-14-2008
Thanks for the reply . It seems that we do not have sudo .lslpp -L sudo does not show me any thing. The password files are read only by group and it has only one member who can execute the scripts. For ps issue we are changing the scripts so that passwords are piped to sqlplus while logging in .

Is sudo a special install . We have AIX 5.2
Regards
# 4  
Old 05-14-2008
sudo is a third party tool, pretty widely used though so you shouldn't have too much trouble finding help on it if you need it.
# 5  
Old 05-15-2008
Thanks . I will look for it.
# 6  
Old 05-16-2008
Storing a password is a security problem. You may want to investigate Oracle OS authentication.
Login or Register to Ask a Question

Previous Thread | Next Thread

10 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

How to store the passwords securely and use in scripts?

I want to store the passwords in a global file, so that all the users will not use them to login but a process should use it. One way is to keep the passwords in a .ini file and execute the file in the start of the script and use that variable. But with this, one can echo the variable in the... (15 Replies)
Discussion started by: karumudi7
15 Replies

2. UNIX for Advanced & Expert Users

When did UNIX start using encrypted passwords, and not displaying passwords when you type them in?

I've been using various versions of UNIX and Linux since 1993, and I've never run across one that showed your password as you type it in when you log in, or one that stored passwords in plain text rather than encrypted. I'm writing a script for work for a security audit, and two of the... (5 Replies)
Discussion started by: Anne Neville
5 Replies

3. Shell Programming and Scripting

KSH - How to call different scripts from master scripts based on a column in an Oracle table

Dear Members, I have a table REQUESTS in Oracle which has an attribute REQUEST_ACTION. The entries in REQUEST_ACTION are like, ME, MD, ND, NE etc. I would like to create a script which will will call other scripts based on the request action. Can we directly read from the REQUEST_ACTION... (2 Replies)
Discussion started by: Yoodit
2 Replies

4. Shell Programming and Scripting

run oracle procedure in unix scripts

for j in $(du -h $1| awk '{printf("%100-s \n",$2)}') do for a in $(ls -time $(find $j -name '*.txt') | awk '{printf("\n%s %s %s %s %s",$4,$7,$8,$10,$11)}') do echo "$a">output.txt done done exit 0 echo "Password : xxxxxx " > LOG/BGH_$3.out (0 Replies)
Discussion started by: utoptas
0 Replies

5. Shell Programming and Scripting

Calling oracle package Unix from shell scripts.

Hi, Can anyone tell me how to call a oracle package from a Unix shell script? I want to pass some input parameters to package and it will return me the output which I want to use further in my shell script. I want to know the way to capture the output values in my shell script. Please send some... (1 Reply)
Discussion started by: anil029
1 Replies

6. Shell Programming and Scripting

SSH - Passing Unix login passwords through shell scripts

Hi All , I need to call a script runscript_B.sh on server A, the runscript_B.sh script locating in server B. The runscript_B.sh in calls another script runscript_A on server A itself. it seend, i need to be connect from Server A to Server B using ssh. I have tryed like this in... (3 Replies)
Discussion started by: koti_rama
3 Replies

7. Shell Programming and Scripting

Checking passwords - scripts

Hi Unix experts.... I am in the process checking user and root password of more than 1000 servers manulay. I am very pissed of checking these many servers manualy. Could some one of you help me how can i check the passwords just by runing some scripts..! Need Help Guys..! :confused: (5 Replies)
Discussion started by: bullz26
5 Replies

8. Shell Programming and Scripting

How to pass passwords to bash scripts?

I'm finding the following command very tedious to type in all the time, so I created a one line bash script called mount.bash with the following contents: mount -t cifs //mark/C\$ -o unc=//mark\\C$,ip=10.1.1.33,user=Administrator,password=$1 /mnt/mark I don't like the fact that I have to put... (5 Replies)
Discussion started by: siegfried
5 Replies

9. UNIX for Advanced & Expert Users

Connecting to Oracle through unix shell scripts

Hi, Can some one help me in connecting to oracle through unix shell scripts with examples. Regards Narayana Gupta (1 Reply)
Discussion started by: guptan
1 Replies

10. UNIX for Dummies Questions & Answers

Unix passwords?

The local policy is set in our LAN so that passwords have to be 8 characters and contain a capital letter, a small letter and a special character. Is Unix able to restrict users passwords to certain lengths and characters. (1 Reply)
Discussion started by: wmosley2
1 Replies
Login or Register to Ask a Question