Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Do users need access to UDUMP, CDUMP and BDUMP?

Posted on 2008-10-01
7
Medium Priority
?
1,992 Views
Last Modified: 2009-04-09
Experts,

          Do OS users need access to ORacle UDUMP, CDUMP and BDUMP files? If users only have READ persmissions then is this a security issue?

THanks MIssyMadi
0
Comment
Question by:missymadi
7 Comments
 
LVL 74

Expert Comment

by:sdstuber
ID: 22615678
it can be a security issue, however, the files in those directories can be absolutely necessary for debugging purposes and/or tuning.

You can block access to them, but if you do that, then you'll have to have somebody available to retrieve the files for the blocked users when they are needed.
0
 
LVL 23

Expert Comment

by:paquicuba
ID: 22615899
sdstuber is right, normally you don't allow users to access the default directory for security reasons. What you can do is create a script to move certain files to a separate server or allow users to change the directory via a stored proc.

Here is a Tom's example:
http://asktom.oracle.com/pls/asktom/f?p=100:11:0::::P11_QUESTION_ID:26070651474562
0
 
LVL 23

Expert Comment

by:David
ID: 22615912
It's more like the DBAs and the dump-file owners need access; others do not.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 

Author Comment

by:missymadi
ID: 22616180
Is tracing information the only info. collected in the dump files?
0
 
LVL 74

Expert Comment

by:sdstuber
ID: 22616202
memory dumps and status info will be written for errors
0
 

Author Comment

by:missymadi
ID: 22616388
So is it safe to assume that removing Users OS account (READ) completly from the dump files and only allowing Admin, System and dba's will not break the db functionality?  I know for some files, the USER account must have a least READ or an error will occur.
0
 
LVL 74

Accepted Solution

by:
sdstuber earned 300 total points
ID: 22616422
the only account that "needs" access is the oracle account itself.  If you give it to the entire dba group and other admins, that's fine too.  

As long as oracle itself can write to the files, the db will run just fine
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Why doesn't the Oracle optimizer use my index? Querying too much data Most Oracle developers know that an index is useful when you can use it to restrict your result set to a small number of the total rows in a table. So, the obvious side…
Have you ever had to make fundamental changes to a table in Oracle, but haven't been able to get any downtime?  I'm talking things like: * Dropping columns * Shrinking allocated space * Removing chained blocks and restoring the PCTFREE * Re-or…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
This videos aims to give the viewer a basic demonstration of how a user can query current session information by using the SYS_CONTEXT function
Suggested Courses

577 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question