Auditing an Oracle database for security issues is very important. PeteFinnigan.com provides all of the information and tools that you will need Click here for details of PeteFinnigan.com Limited's detailed Oracle database security audit service Click here for details of PeteFinnigan.com Limited's Oracle Security Training Courses
There are 61 visitors online    
Cookie Policy:We only use essential cookies on small sections of this website. For details see here.


Back

Emulate LOCK_SGA Oracle parameter by locking the SGA shared memory into core on Solaris in C

This very short article comes from a post I made to the lazydba Oracle mailing list where someone asked about locking the SGA into core. It is not possible to use the Oracle initialisation parameter LOCK_SGA on Solaris and similar operating systems because only the root user can lock shared memory in core. Generally the database runs as another user, usually a user called oracle but it doesn't need to be. Also it would be bad form to run the database software as root.

Here is the posting slightly edited to fix an error in the C and also to annotate it a little better:-

You didn't tell us the OS, but if you are on Solaris then the LOCK_SGA parameter will not work unless you loaded Oracle as root as only root can lock shared memory segments. If you must use the LOCK_SGA parameter then you need to simulate the parameter in C so you can still start the database as oracle:

do the following in shell to get the shared segment id or use oradebug instead of ipcs and lock the SGA into core. This needs to be run as root. We will cover the program fix_in_core written in C in a minute:

	ipcs -m | grep oracle | awk '{print $2'} | while read segment      
	do                                                          
	        fix_in_core $segment
	done
						

compile the following C program as fix_in_core.c.

	gcc -o fix_in_core fix_in_core.c	
						

Here is the source code:

	#include ‹sys/types.h›
	#include ‹sys/ipc.h›
	#include ‹sys/shm.h›
	#include ‹errno.h›
	#include ‹stdio.h›
	#include ‹stdlib.h›
	
	int main(int argc,char **argv)
	{
	        int retval;
	        int segment;
	
	        segment=atol(argv[1]);
	        retval=shmctl(segment, SHM_LOCK, (struct shmid_ds *)0);
	        (retval==0)?printf("locked Segment %d\n",segment):perror("error
	locking segment");
	        exit(retval);
	}
						

That covers the code and method. The parameter LOCK_SGA doesn't need to be set in this case as this C program does the same thing.



Back