Pete Finnigan's Oracle Security Forum


    
      
        Pete Finnigan's Oracle Security Forum
        (http://www.petefinnigan.com/forum/yabb/YaBB.cgi)
      

        Oracle Security >> Oracle Security >> listener security
        
(Message started by: Pete Finnigan on Mar 18^th, 2010, 5:03pm)

Title: listener security
Post by Pete Finnigan on Mar 18^th, 2010, 5:03pm

Hi,

We have an Oracle installation (10204 under Linux) and the Oracle listener is running under another Linux user (not oracle). The oracle user can't issue lsnrctl commands: it gets a TNS-01190 error. In principle this is correct but because of some issues we want to allow oracle to issue lsnrctl commands.
What would be the best way to achieve this?
I was thinking about running the tnslnr process with setgid (set group id) set for the dba group. The user under which the listener runs is also member of the dba group.
Is this going to work?
Another optio could be sudo.
Any other options?

regards,

Ivan