Solved

Do users need access to UDUMP, CDUMP and BDUMP?

Posted on 2008-10-01
7
1,982 Views
Last Modified: 2009-04-09
Experts,

          Do OS users need access to ORacle UDUMP, CDUMP and BDUMP files? If users only have READ persmissions then is this a security issue?

THanks MIssyMadi
0
Comment
Question by:missymadi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 74

Expert Comment

by:sdstuber
ID: 22615678
it can be a security issue, however, the files in those directories can be absolutely necessary for debugging purposes and/or tuning.

You can block access to them, but if you do that, then you'll have to have somebody available to retrieve the files for the blocked users when they are needed.
0
 
LVL 23

Expert Comment

by:paquicuba
ID: 22615899
sdstuber is right, normally you don't allow users to access the default directory for security reasons. What you can do is create a script to move certain files to a separate server or allow users to change the directory via a stored proc.

Here is a Tom's example:
http://asktom.oracle.com/pls/asktom/f?p=100:11:0::::P11_QUESTION_ID:26070651474562
0
 
LVL 23

Expert Comment

by:David
ID: 22615912
It's more like the DBAs and the dump-file owners need access; others do not.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:missymadi
ID: 22616180
Is tracing information the only info. collected in the dump files?
0
 
LVL 74

Expert Comment

by:sdstuber
ID: 22616202
memory dumps and status info will be written for errors
0
 

Author Comment

by:missymadi
ID: 22616388
So is it safe to assume that removing Users OS account (READ) completly from the dump files and only allowing Admin, System and dba's will not break the db functionality?  I know for some files, the USER account must have a least READ or an error will occur.
0
 
LVL 74

Accepted Solution

by:
sdstuber earned 75 total points
ID: 22616422
the only account that "needs" access is the oracle account itself.  If you give it to the entire dba group and other admins, that's fine too.  

As long as oracle itself can write to the files, the db will run just fine
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
make null the repeated levels 2 48
SQL query for highest sequence 4 74
error doing substr 3 51
Oracle - BLOB Extract Line 2 13
This post first appeared at Oracleinaction  (http://oracleinaction.com/undo-and-redo-in-oracle/)by Anju Garg (Myself). I  will demonstrate that undo for DML’s is stored both in undo tablespace and online redo logs. Then, we will analyze the reaso…
When it comes to protecting Oracle Database servers and systems, there are a ton of myths out there. Here are the most common.
Via a live example show how to connect to RMAN, make basic configuration settings changes and then take a backup of a demo database
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question