Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

Do users need access to UDUMP, CDUMP and BDUMP?

Posted on 2008-10-01
7
1,978 Views
Last Modified: 2009-04-09
Experts,

          Do OS users need access to ORacle UDUMP, CDUMP and BDUMP files? If users only have READ persmissions then is this a security issue?

THanks MIssyMadi
0
Comment
Question by:missymadi
7 Comments
 
LVL 74

Expert Comment

by:sdstuber
ID: 22615678
it can be a security issue, however, the files in those directories can be absolutely necessary for debugging purposes and/or tuning.

You can block access to them, but if you do that, then you'll have to have somebody available to retrieve the files for the blocked users when they are needed.
0
 
LVL 23

Expert Comment

by:paquicuba
ID: 22615899
sdstuber is right, normally you don't allow users to access the default directory for security reasons. What you can do is create a script to move certain files to a separate server or allow users to change the directory via a stored proc.

Here is a Tom's example:
http://asktom.oracle.com/pls/asktom/f?p=100:11:0::::P11_QUESTION_ID:26070651474562
0
 
LVL 23

Expert Comment

by:David
ID: 22615912
It's more like the DBAs and the dump-file owners need access; others do not.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:missymadi
ID: 22616180
Is tracing information the only info. collected in the dump files?
0
 
LVL 74

Expert Comment

by:sdstuber
ID: 22616202
memory dumps and status info will be written for errors
0
 

Author Comment

by:missymadi
ID: 22616388
So is it safe to assume that removing Users OS account (READ) completly from the dump files and only allowing Admin, System and dba's will not break the db functionality?  I know for some files, the USER account must have a least READ or an error will occur.
0
 
LVL 74

Accepted Solution

by:
sdstuber earned 75 total points
ID: 22616422
the only account that "needs" access is the oracle account itself.  If you give it to the entire dba group and other admins, that's fine too.  

As long as oracle itself can write to the files, the db will run just fine
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
clob to char in oracle 3 62
Oracle DB monitor SW 21 60
SQL Workhours Count beetween Workhours 3 25
making a message body variable from an oracle select statement 4 23
Working with Network Access Control Lists in Oracle 11g (part 1) Part 2: http://www.e-e.com/A_9074.html So, you upgraded to a shiny new 11g database and all of a sudden every program that used UTL_MAIL, UTL_SMTP, UTL_TCP, UTL_HTTP or any oth…
From implementing a password expiration date, to datatype conversions and file export options, these are some useful settings I've found in Jasper Server.
This video explains at a high level with the mandatory Oracle Memory processes are as well as touching on some of the more common optional ones.
This videos aims to give the viewer a basic demonstration of how a user can query current session information by using the SYS_CONTEXT function

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question