[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Sybase - Extended Stored Procedures/XP SREVER..

Posted on 2000-03-15
5
Medium Priority
?
2,361 Views
Last Modified: 2012-05-04
Sybase Extended Stored Procedure -UNIX Privilages:
When writing/executing the 'C' code for creating a custom ESP, do I need to use user 'sybase' (with extensive unix privilages)?

If no, do we need user 'sybase' during the FIRST start of the XP SERVER.
 
Does the security context settings associated with xp_cmdshell(system supplied ESP) pertain to that one ESP or does it affect the user created ones too?
Pls. help me as I dont seem to get any info. which answers my question from SYBASE site.
0
Comment
Question by:1harsha
  • 3
  • 2
5 Comments
 
LVL 2

Expert Comment

by:jkotek
ID: 2624533
Well, AFAIK the XP server runs under same OS account as the associated dataserver (sybase user by default) so you need that account to have the ASE up and running.
The xp_cmdshell gives you permissions of this user so you should prevent ordinary users from using it (so they cannot execute OS commands on server with permissions of sybase user).
The "xp_cmdshell context" config parameter prevents this and works ONLY with the xp_cmdshell. Permissions to other ESP can be granted/revoked as with normal stored procedures.
0
 

Author Comment

by:1harsha
ID: 2625009
Let me explain my prob. in detail.
I am a developer, trying to Use ESP's for replication.
Our DBA's dont like the idea of someone using 'SYBASE' user permissions.
-------------------
Assume
1.The ASE is up and running(DBA's job).
2.The DBA runs a system ESP(I dont care which one) to start the xp_server. OK, now the ASE & xp_server is  up and running.

Now for the questions
1.When I try to run a custom ESP would it have to run under the security context of the xp_server that is(user 'sybase')?
IF so,
IS there no way I could restrict permisisons (unix shell) of this custom ESP so that the DBA's would be pleased.?

By the way are you a DBA?
Real 'nice'(*^@$#@$) guys these DBA's.  
just kidding ....


















0
 
LVL 2

Accepted Solution

by:
jkotek earned 800 total points
ID: 2628139
Just checked my ASE install...

In fact during installation of ASE you can choose under which OS account the XP server runs (default is sybase user). The 'XP user' should have access to the dlls where you have the C code for ESPs and that is the only requierement.
I have looked in the docs, but cannot find how to change this XP user - maybye sybconfig (I run on NT, sorry)?.

I see two points where you can argument with dba:

1) let him change the user the XP server runs under to something 'safer' than sybase user (this won't affect the dataserver - it can run under different user than XP server) - that way the XP user won't have access to the dataserver's devices (files/partitions) where ASE stores data (they are usually owned by dataserver user [sybase]).

2) the access to the ESP is managed by standard db means - grant/revoke stuff.

BTW I am presale consultant from one of Sybase's distributors.
0
 

Author Comment

by:1harsha
ID: 2628367
OK, now you earned your points.
Thanks for the help.

0
 

Author Comment

by:1harsha
ID: 2628829
Jkotek:
This is a 'solved case':
I think if you read thru it you will notice that no matter what you need super user privilages. This round about fashion and stupid f*&**% approach that
SYBASE has leaves me with one option wait for a day when I can switch to UDB or Oracle.
No wonder the Share prive nor the market share ever goes up.

Case ID: 10376300 Product: Adaptive Server Enterprise
Open Date: 03/27/1998 12:37:58 OS: HP-UX 10.20
Version/EBF: 1150 Generic Platform: HP 9000/800 Generic
Problem Description:
xp server xp_cmdshell error -  user access denied Failed to change the user context when you executed xp_cmdshell 'ls' from isql using a server  login that matched your unix login and sp_configure ' xp_cmdshell context ' set to 1
 
Tip or Workaround:
 
Resolution:
The unix user id, for example sybase, must have super-user root privilege so that the unix user id with the same ASE userid can execute xp_cmdshell with their unix user account's privileges and with sp_configure " xp_cmdshell context " set to 1
 
Other Sources Related to Issue(Type - Location):
TechNote -  
TechNote -

0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

LinkedIn blogging is great for networking, building up an audience, and expanding your influence as well. However, if you want to achieve these results, you need to work really hard to make your post worth liking and sharing. Here are 4 tips that ca…
MSSQL DB-maintenance also needs implementation of multiple activities. However, unprecedented errors can hamper the database management. In that case, deploying Stellar SQL Database Toolkit ensures fast and accurate database and backup repair as wel…
This Micro Tutorial will teach you how to add a cinematic look to any film or video out there. There are very few simple steps that you will follow to do so. This will be demonstrated using Adobe Premiere Pro CS6.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Suggested Courses
Course of the Month19 days, 22 hours left to enroll

872 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question