Attended a workshop about “Oracle database security” (by Frits Hoogland), though the subject could also be named like “O.S.-security of an Oracle Database”. Most of the times the database will be installed by an ‘oracle’ account, and all the DBA’s are using this account for administrative purpose.
Nothing wrong with that, but logging/auditing of this oracle account is modifyable (=useless) and who did what on this machine?
So it’s quite understandable that an organization will choose for personalized, controlled accounts for DBA’s. Quite scary for a DBA by the way, his kingdom and freedom is vanishing…
What follows is a template to setup such personalized account.
Root – create users and groups
# groupadd -g 54321 oracle
# groupadd -g 54322 oinstall
# groupadd -g 54323 dba
# groupadd -g 54324 oper
# groupadd -g 54325 asm
# useradd -d /home/oracle -m -g oracle -G dba,asm,users,oinstall -s /bin/bash \
-u 54321 -c “Oracle software owner” oracle
grep the X-cookie, from server console:
# env |grep XAUT
Make this cookie accessable for other users:
# chmod 644 $XAUTHORITY
# su – oracle
Set XAUTHORITY again:
$ export XAUTHORITY=/tmp/.gdmXXXXXX