<div>
UNIX permissions are UNIX permissions. &nbsp;If World has read/execute, then ANY user on the system can read/execute.<br />
<br />
I believe you will find several programs with Oracle that has World read/execute.<br />
<br />
There are also some files that you might not want ANY user to be able to read.<br />
<br />
So, I'm not sure you can achieve what you are wanting.
</div>


<div>
if your linux supports SELinux, you could try that as a means of defining a policy for all of those objects. &nbsp;(RedHat and Oracle do)<br />
<br />
I will admit I have not attempted such, but my understanding (albeit limited) of that functionality is it will allow granular control of privileges as you have described.
</div>


<div>
I believe it can be done safely with sudo; Allow the user to execute<br />
ls /opt/app/oracle/*<br />
cat /opt/app/oracle/* <br />
(and tail -f is handy)<br />
&nbsp;as root.<br />
<br />
That allows them to do slightly more sophisticated stuff like <br />
`sudo cat /opt/app/oracle/restricted<wbr />file |sed` ; Note that sed is executed as the unprivileged id, not root. (It may be possible to escape pipes and redirects to abuse this - I don't know)<br />
<br />
Don't give them sudo rights to view or sed, as those commands can be abused; If they need to do anything like that with the file, they can `cat restrictedfile &gt;&nbsp;/tmp/mycopy` and play with it there.
</div>


<div>
does the user really need access to the server ?<br />
to access trace files i copy those to a shared location<br />
<br />
Recent versions of toad have the ability to read/analyze trace files<br />
However, toad thinks it wants access to the database server for this.<br />
Placing the files in a shared location also works
</div>


<div>
<div class="content wysiwyg-content">
Hi, <br />
<br />
&nbsp; I have an Oracle databases running in a Linux server.<br />
<br />
&nbsp; The Oracle Base folder includes Oracle Homes and others ORA files/configurations.<br />
<br />
&nbsp; &nbsp;I have an issue with a user that needs access to the ORACLE Base folder, but i can only give it read only access so that she/he will be able to connect to the server using Putty or WinSCP and be able to view only the Oracle files and anything in the ORA home with read mode access.<br />
<br />
&nbsp; A local user in the server is what they are asking for. <br />
<br />
&nbsp; Is like create a user with read only access to the entire directory /opt/app/oracle.<br />
<br />
&nbsp; How to create a user that has such privileges and that it does not affect my current Oracle installations and configurations.<br />
<br />
&nbsp; Regards,<br />
<br />
&nbsp; &nbsp; &nbsp;Joe Echavarría -
</div>
</div>


Hi, 

  I have an Oracle databases running in a Linux server.

  The Oracle Base folder includes Oracle Homes and others ORA files/configurations.

   I have an issue with a user that needs access to the ORACLE Base folder, but i can only give it read only access so that she/he will be able to connect to the server using Putty or WinSCP and be able to view only the Oracle files and anything in the ORA home with read mode access.

  A local user in the server is what they are asking for. 

  Is like create a user with read only access to the entire directory /opt/app/oracle.

  How to create a user that has such privileges and that it does not affect my current Oracle installations and configurations.

  Regards,

     Joe Echavarría -

Read only access to a user

Oracle is an object-relational database management system. It supports a large number of languages and application development frameworks. Its primary languages are SQL, PL/SQL and Java, but it also includes support for C and C++. Oracle also has its own enterprise modules and application server software.

Oracle Database

Linux is a UNIX-like open source operating system with hundreds of distinct distributions, including: Fedora, openSUSE, Ubuntu, Debian, Slackware, Gentoo, CentOS, and Arch Linux. Linux is generally associated with web and database servers, but has become popular in many niche industries and applications.