troubleshooting Question

installing/patching Oracle 11g, 12c, 19c requires umask of 022 (& umask 027 wont work)?

Avatar of sunhux
sunhux asked on
Oracle DatabaseLinux SecurityOS Security
4 Comments2 Solutions110 ViewsLast Modified:
our DBA shared that he would run into issues with installing or applying Oracle 11g patches
if 'umask 027' is set  & he requires it to be 'umask 022'  (basically rwxr-xr-x  for all Oracle DB
or its related files &  folders).

Q1:
Is it the right practice for him to set  either  global umask (in /etc/profile) or Oracle's  (in
$ORACLE_HOME/.profile)?

Or only set  'umask 022' in $ORACLE_HOME/.profile for the session he's installing/patching
& once it's over, set it back to 'umask 027'?   External audit requires that we set individual
users'  as well as global (in /etc/profile) umask to minimally 027

Q2:
Or what's the recommended practice??

Q3:
My gut feel is to identify which files/folders  Oracle installation/patching requires &
set using Linux's  (we use Oracle linux & RHEL 7)  the relevant ACLs to give a granular
permission ie to fulfill 'need-to basis' : so we don't just grant entire group or 'Others'
Read (& Execute)  unnecessarily.  If we should adopt the ACL method,  can anyone
share which files/folders in Oracle 12c & 19c requires which id (oracle id?) what
types of access (read, execute, write?)
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 2 Answers and 4 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 2 Answers and 4 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros