To: jkstill@xxxxxxxxx, Oracle-L Freelists <oracle-l@xxxxxxxxxxxxx>
Date: Tue, 01 Jul 2008 21:11:58 +0200
Hi Jared,
it's just for security.
On systems where chown is allowed for every user, for security reasons
the setuid bit is always deleted if a file is chowned.
Thus, if a set setuid bit is desired for the password file by the Oracle server
and its use is refused otherwise, no one but root can make a gift of a password file
to the oracle unix user.
Regards
kf
> While going through an annual sarbox task I noticed that on Linux (maybe unix too)
> the sticky bit is set on the password file.
>
> [oracle@server before]$ l $OH/dbs/orapworcl
> -rwSr----- 1 oracle oinstall 1536 Oct 30 2007 /u01/app/oracle/product/9.2.0/aglqa/dbs/orapworcl
>
> The bit is shown as a capital S due to the execute bit not being set.
>
> There's nothing in ML about it, at least I could not find anything.
>
> The following test was performed:
>
> shutdown database
> chmod 640 orapworcl
> startup database
> logon to database remotely as sysdba
>
> It doesn't appear that the SUID bit serves any purpose.
>
> Does someone here know why the password file is SUID?
>
> --
> Jared Still
> Certifiable Oracle DBA and Part Time Perl Evangelist
>
>
--
http://www.freelists.org/webpage/oracle-l
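
An added example, not part of the original thread: a Python check for the state shown in the quoted listing, a regular file with the setuid bit set and no owner execute bit, which `ls` renders as a capital `S`. The function names and the sample file are constructed for illustration, and the result of `chown_keeps_setuid` depends on the kernel and filesystem it runs on.

```python
import os
import stat
import tempfile


def describe(path):
    """Return (ls-style mode string, setuid set?, owner execute set?)."""
    mode = os.lstat(path).st_mode
    return (stat.filemode(mode),
            bool(mode & stat.S_ISUID),
            bool(mode & stat.S_IXUSR))


def find_setuid_nonexec(directory):
    """Regular files with setuid set but no owner execute bit ('S' in ls)."""
    hits = []
    for entry in sorted(os.scandir(directory), key=lambda e: e.name):
        mode = entry.stat(follow_symlinks=False).st_mode
        if (stat.S_ISREG(mode) and mode & stat.S_ISUID
                and not mode & stat.S_IXUSR):
            hits.append((entry.path, stat.filemode(mode)))
    return hits


def chown_keeps_setuid(path):
    """Re-chown path to its current owner and report whether setuid survived.

    The outcome is kernel- and filesystem-dependent, so it is reported,
    not assumed.
    """
    st = os.lstat(path)
    os.chown(path, st.st_uid, st.st_gid)
    return bool(os.lstat(path).st_mode & stat.S_ISUID)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        # Constructed stand-in for $ORACLE_HOME/dbs/orapworcl
        pw = os.path.join(d, "orapworcl")
        with open(pw, "wb") as f:
            f.write(b"\0" * 1536)
        os.chmod(pw, 0o4640)
        print(describe(pw))
        print(find_setuid_nonexec(d))
        print("setuid kept after chown:", chown_keeps_setuid(pw))
        os.chmod(pw, 0o640)  # the change made in the quoted test
        print(find_setuid_nonexec(d))
```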