1harsha
asked on
Sybase - Extended Stored Procedures/XP SREVER..
Sybase Extended Stored Procedure -UNIX Privilages:
When writing/executing the 'C' code for creating a custom ESP, do I need to use user 'sybase' (with extensive unix privilages)?
If no, do we need user 'sybase' during the FIRST start of the XP SERVER.
Does the security context settings associated with xp_cmdshell(system supplied ESP) pertain to that one ESP or does it affect the user created ones too?
Pls. help me as I dont seem to get any info. which answers my question from SYBASE site.
When writing/executing the 'C' code for creating a custom ESP, do I need to use user 'sybase' (with extensive unix privilages)?
If no, do we need user 'sybase' during the FIRST start of the XP SERVER.
Does the security context settings associated with xp_cmdshell(system supplied ESP) pertain to that one ESP or does it affect the user created ones too?
Pls. help me as I dont seem to get any info. which answers my question from SYBASE site.
ASKER
Let me explain my prob. in detail.
I am a developer, trying to Use ESP's for replication.
Our DBA's dont like the idea of someone using 'SYBASE' user permissions.
-------------------
Assume
1.The ASE is up and running(DBA's job).
2.The DBA runs a system ESP(I dont care which one) to start the xp_server. OK, now the ASE & xp_server is up and running.
Now for the questions
1.When I try to run a custom ESP would it have to run under the security context of the xp_server that is(user 'sybase')?
IF so,
IS there no way I could restrict permisisons (unix shell) of this custom ESP so that the DBA's would be pleased.?
By the way are you a DBA?
Real 'nice'(*^@$#@$) guys these DBA's.
just kidding ....
I am a developer, trying to Use ESP's for replication.
Our DBA's dont like the idea of someone using 'SYBASE' user permissions.
-------------------
Assume
1.The ASE is up and running(DBA's job).
2.The DBA runs a system ESP(I dont care which one) to start the xp_server. OK, now the ASE & xp_server is up and running.
Now for the questions
1.When I try to run a custom ESP would it have to run under the security context of the xp_server that is(user 'sybase')?
IF so,
IS there no way I could restrict permisisons (unix shell) of this custom ESP so that the DBA's would be pleased.?
By the way are you a DBA?
Real 'nice'(*^@$#@$) guys these DBA's.
just kidding ....
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
OK, now you earned your points.
Thanks for the help.
Thanks for the help.
ASKER
Jkotek:
This is a 'solved case':
I think if you read thru it you will notice that no matter what you need super user privilages. This round about fashion and stupid f*&**% approach that
SYBASE has leaves me with one option wait for a day when I can switch to UDB or Oracle.
No wonder the Share prive nor the market share ever goes up.
Case ID: 10376300 Product: Adaptive Server Enterprise
Open Date: 03/27/1998 12:37:58 OS: HP-UX 10.20
Version/EBF: 1150 Generic Platform: HP 9000/800 Generic
Problem Description:
xp server xp_cmdshell error - user access denied Failed to change the user context when you executed xp_cmdshell 'ls' from isql using a server login that matched your unix login and sp_configure ' xp_cmdshell context ' set to 1
Tip or Workaround:
Resolution:
The unix user id, for example sybase, must have super-user root privilege so that the unix user id with the same ASE userid can execute xp_cmdshell with their unix user account's privileges and with sp_configure " xp_cmdshell context " set to 1
Other Sources Related to Issue(Type - Location):
TechNote -
TechNote -
This is a 'solved case':
I think if you read thru it you will notice that no matter what you need super user privilages. This round about fashion and stupid f*&**% approach that
SYBASE has leaves me with one option wait for a day when I can switch to UDB or Oracle.
No wonder the Share prive nor the market share ever goes up.
Case ID: 10376300 Product: Adaptive Server Enterprise
Open Date: 03/27/1998 12:37:58 OS: HP-UX 10.20
Version/EBF: 1150 Generic Platform: HP 9000/800 Generic
Problem Description:
xp server xp_cmdshell error - user access denied Failed to change the user context when you executed xp_cmdshell 'ls' from isql using a server login that matched your unix login and sp_configure ' xp_cmdshell context ' set to 1
Tip or Workaround:
Resolution:
The unix user id, for example sybase, must have super-user root privilege so that the unix user id with the same ASE userid can execute xp_cmdshell with their unix user account's privileges and with sp_configure " xp_cmdshell context " set to 1
Other Sources Related to Issue(Type - Location):
TechNote -
TechNote -
The xp_cmdshell gives you permissions of this user so you should prevent ordinary users from using it (so they cannot execute OS commands on server with permissions of sybase user).
The "xp_cmdshell context" config parameter prevents this and works ONLY with the xp_cmdshell. Permissions to other ESP can be granted/revoked as with normal stored procedures.