Solved

switch user in script using sur (restricted)

Posted on 2000-02-25
5
272 Views
Last Modified: 2010-08-05
I'm trying to write a script that runs as oracle and needs to do a 'sur -' (switch user root) to kill off other user id's. These hung id's are not connect to oracle and this is not a oracle problem, they remain hung even after oracle is shut down.  The application leaves connections hung. (No luck getting appls to fix this one! :) )

I know how to 'su - ' to another user and execute a command/script if you are running the script as root but how can do a 'sur -' in a script run by Oracle and execute a command/script.
The Oracle id does have 'sur - ' privileges and while we could always create at separate script it would be much easier if this could be done in one script.



 
0
Comment
Question by:apgar
5 Comments
 

Author Comment

by:apgar
ID: 2564794
Adjusted points to 75
0
 
LVL 2

Expert Comment

by:GP1628
ID: 2583372
How are you recognizing the hung users?

A much better way is to write a script that runs as root all the time, or occasionally as a CRON job, which will look for the hung processes and kill them.

The only way to do it the way you ask is either have the password in the script (very bad) or have the script be SUID (also very bad)

Gandalf Parker
0
 
LVL 3

Expert Comment

by:jkstill
ID: 2608038

You may want to approach this differently.

It appears that you have root access, and that the app processes are on the same machine as the database.

How about writing a script that is owned by root for shutting down the database.

The script will do a 'su - oracle -c $ORACLE_HOME/bin/dbshut'  ( or whatever script you use to shutdown the databases )

Modify your dbshut script to spool out the PID's of all users sessions OS processes to a text file.  This can be obtained from v$session.

Do this before shutting down the database.  

Then from the script owned by root, you can check to see if any of those processes are still running ( they're in the text file from the previous step), and kill them.


0
 
LVL 2

Accepted Solution

by:
mapc earned 75 total points
ID: 2623275
Use sudo:
http://www.courtesan.com/sudo/

It's highly configurable and will allow you to do it in better manner.
You will then use command sudo command by oracle.
Then, as you said, create some script which will do the work for you, and in sudo config enable just oracle to run this script as root.
Hope that it helps.
p.s. sudo has great man page :)
0
 

Author Comment

by:apgar
ID: 2623756
The oracle script performs several different functions:  cold backup and  export, weekly reorgs, index rebuilds, recycle listener, etc. so I would like to keep that as oracle.
The users are RF devices (radio
frequency) and often they are not logged off correctly or battery problems cause them to keep a connection to the server..not oracle.
(No entry in the v$session table)

These connection eventually start eating up the CPU causing major slowdowns.  Our goal was to kill any RF connections when the database is shutdown since we know they should be
logged off anyway. We only want to kill any connection remaining after the database is down.

My concern about separate jobs is that if there is a request to cancel a backup (which does happen from time to time) is that ops would fail to cancel both jobs....meaning that either all RF's would be killed or the backup would run taking them down for 30-45 mins.

I'm going to look in to SUDO.



0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Attention: This article will no longer be maintained. If you have any questions, please feel free to mail me. jgh@FreeBSD.org Please see http://www.freebsd.org/doc/en_US.ISO8859-1/articles/freebsd-update-server/ for the updated article. It is avail…
Using libpcap/Jpcap to capture and send packets on Solaris version (10/11) Library used: 1.      Libpcap (http://www.tcpdump.org) Version 1.2 2.      Jpcap(http://netresearch.ics.uci.edu/kfujii/Jpcap/doc/index.html) Version 0.6 Prerequisite: 1.      GCC …
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question