Solved

Do users need access to UDUMP, CDUMP and BDUMP?

Posted on 2008-10-01
7
1,970 Views
Last Modified: 2009-04-09
Experts,

          Do OS users need access to ORacle UDUMP, CDUMP and BDUMP files? If users only have READ persmissions then is this a security issue?

THanks MIssyMadi
0
Comment
Question by:missymadi
7 Comments
 
LVL 73

Expert Comment

by:sdstuber
Comment Utility
it can be a security issue, however, the files in those directories can be absolutely necessary for debugging purposes and/or tuning.

You can block access to them, but if you do that, then you'll have to have somebody available to retrieve the files for the blocked users when they are needed.
0
 
LVL 23

Expert Comment

by:paquicuba
Comment Utility
sdstuber is right, normally you don't allow users to access the default directory for security reasons. What you can do is create a script to move certain files to a separate server or allow users to change the directory via a stored proc.

Here is a Tom's example:
http://asktom.oracle.com/pls/asktom/f?p=100:11:0::::P11_QUESTION_ID:26070651474562
0
 
LVL 23

Expert Comment

by:David
Comment Utility
It's more like the DBAs and the dump-file owners need access; others do not.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:missymadi
Comment Utility
Is tracing information the only info. collected in the dump files?
0
 
LVL 73

Expert Comment

by:sdstuber
Comment Utility
memory dumps and status info will be written for errors
0
 

Author Comment

by:missymadi
Comment Utility
So is it safe to assume that removing Users OS account (READ) completly from the dump files and only allowing Admin, System and dba's will not break the db functionality?  I know for some files, the USER account must have a least READ or an error will occur.
0
 
LVL 73

Accepted Solution

by:
sdstuber earned 75 total points
Comment Utility
the only account that "needs" access is the oracle account itself.  If you give it to the entire dba group and other admins, that's fine too.  

As long as oracle itself can write to the files, the db will run just fine
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Join & Write a Comment

Working with Network Access Control Lists in Oracle 11g (part 2) Part 1: http://www.e-e.com/A_8429.html Previously, I introduced the basics of network ACL's including how to create, delete and modify entries to allow and deny access.  For many…
This post first appeared at Oracleinaction  (http://oracleinaction.com/undo-and-redo-in-oracle/)by Anju Garg (Myself). I  will demonstrate that undo for DML’s is stored both in undo tablespace and online redo logs. Then, we will analyze the reaso…
This video shows setup options and the basic steps and syntax for duplicating (cloning) a database from one instance to another. Examples are given for duplicating to the same machine and to different machines
This video shows how to configure and send email from and Oracle database using both UTL_SMTP and UTL_MAIL, as well as comparing UTL_SMTP to a manual SMTP conversation with a mail server.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now