Solved

switch user in script using sur (restricted)

Posted on 2000-02-25
5
270 Views
Last Modified: 2010-08-05
I'm trying to write a script that runs as oracle and needs to do a 'sur -' (switch user root) to kill off other user id's. These hung id's are not connect to oracle and this is not a oracle problem, they remain hung even after oracle is shut down.  The application leaves connections hung. (No luck getting appls to fix this one! :) )

I know how to 'su - ' to another user and execute a command/script if you are running the script as root but how can do a 'sur -' in a script run by Oracle and execute a command/script.
The Oracle id does have 'sur - ' privileges and while we could always create at separate script it would be much easier if this could be done in one script.



 
0
Comment
Question by:apgar
5 Comments
 

Author Comment

by:apgar
ID: 2564794
Adjusted points to 75
0
 
LVL 2

Expert Comment

by:GP1628
ID: 2583372
How are you recognizing the hung users?

A much better way is to write a script that runs as root all the time, or occasionally as a CRON job, which will look for the hung processes and kill them.

The only way to do it the way you ask is either have the password in the script (very bad) or have the script be SUID (also very bad)

Gandalf Parker
0
 
LVL 3

Expert Comment

by:jkstill
ID: 2608038

You may want to approach this differently.

It appears that you have root access, and that the app processes are on the same machine as the database.

How about writing a script that is owned by root for shutting down the database.

The script will do a 'su - oracle -c $ORACLE_HOME/bin/dbshut'  ( or whatever script you use to shutdown the databases )

Modify your dbshut script to spool out the PID's of all users sessions OS processes to a text file.  This can be obtained from v$session.

Do this before shutting down the database.  

Then from the script owned by root, you can check to see if any of those processes are still running ( they're in the text file from the previous step), and kill them.


0
 
LVL 2

Accepted Solution

by:
mapc earned 75 total points
ID: 2623275
Use sudo:
http://www.courtesan.com/sudo/

It's highly configurable and will allow you to do it in better manner.
You will then use command sudo command by oracle.
Then, as you said, create some script which will do the work for you, and in sudo config enable just oracle to run this script as root.
Hope that it helps.
p.s. sudo has great man page :)
0
 

Author Comment

by:apgar
ID: 2623756
The oracle script performs several different functions:  cold backup and  export, weekly reorgs, index rebuilds, recycle listener, etc. so I would like to keep that as oracle.
The users are RF devices (radio
frequency) and often they are not logged off correctly or battery problems cause them to keep a connection to the server..not oracle.
(No entry in the v$session table)

These connection eventually start eating up the CPU causing major slowdowns.  Our goal was to kill any RF connections when the database is shutdown since we know they should be
logged off anyway. We only want to kill any connection remaining after the database is down.

My concern about separate jobs is that if there is a request to cancel a backup (which does happen from time to time) is that ops would fail to cancel both jobs....meaning that either all RF's would be killed or the backup would run taking them down for 30-45 mins.

I'm going to look in to SUDO.



0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

My previous tech tip, Installing the Solaris OS From the Flash Archive On a Tape (http://www.experts-exchange.com/articles/OS/Unix/Solaris/Installing-the-Solaris-OS-From-the-Flash-Archive-on-a-Tape.html), discussed installing the Solaris Operating S…
FreeBSD on EC2 FreeBSD (https://www.freebsd.org) is a robust Unix-like operating system that has been around for many years. FreeBSD is available on Amazon EC2 through Amazon Machine Images (AMIs) provided by FreeBSD developer and security office…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now