Oracle Consulting Oracle Training Oracle Support Development
Home
Catalog
Oracle Books
SQL Server Books
IT Books
Job Interview Books
eBooks
Rampant Horse Books
911 Series
Pedagogue Books

Oracle Software
image
Write for Rampant
Publish with Rampant
Rampant News
Rampant Authors
Rampant Staff
 Phone
 800-766-1884
Oracle News
Oracle Forum
Oracle Tips
Articles by our Authors
Press Releases
SQL Server Books
image
image

Oracle 11g Books

Oracle tuning

Oracle training

Oracle support

Remote Oracle

STATSPACK Viewer

Privacy Policy

 

   
 

Oracle Tips by Burleson

SUID Tips

Another important fact must be taken into account while examining these files. Most of the above files may have a file named after them, but with the numeral zero. For example, there could be a file called dbsnmp0, in addition to dbsnmp. When a new version is built, Oracle copies the old file dbsnmp to dbsnmp0, and recreates the dbsnmp file.

This is done to ensure that in case the new file building fails, the old file dbsnmp0 can be renamed to dbsnmp and still be used. The old file dbsnmp0 still exists with the suid bit on. This could be an important security hole exploited by a potential hacker. Therefore, the suid bit for the 0-suffixed files should be turned off.

The suid is turned off by the following command

chmod –s dbsnmp0

Tip: Turn off the SUID bit on all files except the most needed. The SUID bit should be tuned on for the file oracle in $ORACLE_HOME/bin. If Intelligent Agent is used, then the SUID should be on for the file dbsnmp; if Name Server is used then it should be on for onrsd; and if Oracle Internet Directory is used, then it should be turned on for the file oidldapd. All other files should have their SUID bits turned off.

Enter user-name: scott/tiger|
ERROR:
ORA-12546: TNS:permission denied

Note the error: “ORA-12546 : TNS:permission denied,” meaning the execute on the Oracle executable failed. However, the connection is attempted now using a connect string, i.e. forcing it to go through the regular IPC or TCP/IP process.

Enter user-name: scott/tiger@claimdb

Connected to:
Oracle8i Enterprise Edition Release 8.1.7.4.0 - Production
With the Partitioning option
JServer Release 8.1.7.4.0 - Production
SQL>
The connection was successful.

Remove the execute permissions on Oracle executables from others as a precaution to prevent malicious use.
 


Download your Oracle scripts now:

www.oracle-script.com

The definitive Oracle Script collection for every Oracle professional DBA

 

Linux Oracle commands syntax poster

ION Oracle tuning software

Oracle data dictionary reference poster



Oracle Forum

BC Oracle consulting support training

BC remote Oracle DBA   

 

   

 Copyright © 1996 -2016 by Burleson. All rights reserved.


Oracle® is the registered trademark of Oracle Corporation. SQL Server® is the registered trademark of Microsoft Corporation. 
Many of the designations used by computer vendors to distinguish their products are claimed as Trademarks