our DBA shared that he would run into issues with installing or applying Oracle 11g patches
if 'umask 027' is set & he requires it to be 'umask 022' (basically rwxr-xr-x for all Oracle DB
or its related files & folders).
Is it the right practice for him to set either global umask (in /etc/profile) or Oracle's (in
Or only set 'umask 022' in $ORACLE_HOME/.profile for the session he's installing/patching
& once it's over, set it back to 'umask 027'? External audit requires that we set individual
users' as well as global (in /etc/profile) umask to minimally 027
Or what's the recommended practice??
My gut feel is to identify which files/folders Oracle installation/patching requires &
set using Linux's (we use Oracle linux & RHEL 7) the relevant ACLs to give a granular
permission ie to fulfill 'need-to basis' : so we don't just grant entire group or 'Others'
Read (& Execute) unnecessarily. If we should adopt the ACL method, can anyone
share which files/folders in Oracle 12c & 19c requires which id (oracle id?) what
types of access (read, execute, write?)