No question at this time
DBA Top 10
1 M. Cadot 10800
2 B. Vroman 6500
3 A. Kavsek 5600
4 J. Schnackenberg 2600
5 P. Wisse 2200
5 J. PĂ©ran 2200
7 T. Boles 600
8 D. Dave 400
9 . Lauri 200
9 R. Rao Kulkarni 200
9 H. Bhangu 200
9 V. Gupta 200
9 A. Bourgeois 200
9 M. Jain 200
9 K. Pingeli 200
9 J. Baet 200
9 B. Jacobs 200
9 R. Pastre 200
About
DBA-Village
The DBA-Village forum
Forum as RSS
as RSS feed
Site Statistics
Ever registered users48605
Total active users1406
Act. users last 24h5
Act. users last hour0
Registered user hits last week164
Registered user hits last month694
Go up

permission of listener.ora
Next thread: Grant Select rights future objects
Prev thread: AWR Report Analysis

Message Score Author Date
Hi , During an audit the customer found that th...... saumya das Apr 24, 2021, 12:11
Hi Saumya, that's quite an interesting audit. ...... Jan Schnackenberg Apr 26, 2021, 19:20
Hi Saumya, -a- Don't "oracle" and "grid" both ...... Score: 100 PtsScore: 100 PtsScore: 100 PtsScore: 100 PtsScore: 100 Pts Bruno Vroman Apr 26, 2021, 19:21
Hi Bruno , Thanks for the reply. I have not te...... saumya das Apr 28, 2021, 09:00

Follow up by mail Click here


Subject: permission of listener.ora
Author: saumya das, India
Date: Apr 24, 2021, 12:11, 17 days ago
Os info: AIX 7
Oracle info: oracle 12c RAC
Message: Hi ,

During an audit the customer found that the permission of listener.ora is 644. They suggested it to be 600 , In NonRAC environment the permission 600 is okay , But for RAC the owner of listener.ora is grid user , So permission 644 is required , Please share what should be the permission. Any guidance will be helpful

Thanks
Saumya
Goto: Reply - Top of page 
If you think this item violates copyrights, please click here

Subject: Re: permission of listener.ora
Author: Jan Schnackenberg, Germany
Date: Apr 26, 2021, 19:20, 15 days ago
Message: Hi Saumya,

that's quite an interesting audit.

Basically: You're (partly) right. But they are, too.

If you want to be able to use lsnrctl als "oracle" user to query the state of the various listeners on your RAC node, then you'll need access to the listener.ora, requiring permissions to read it.

But: This is not strictly necessary to operate databases. You can run your database instance without even having a listener.ora.

So your "requirement" is basically just a "I want to have it", not a "I need it".



I'd be interested in the reasoning for read-protecting this file, since I cannot think of something mandating protection that might be in this file, but if your auditor requires it, then: just accept it.

Your oracle-user does not manage the listeners anyway. So he doesn't need the files containing their configuration.



Regards,
Jan
Your rating?: This reply is Good Excellent
Goto: Reply - Top of page 
If you think this item violates copyrights, please click here

Subject: Re: permission of listener.ora
Author: Bruno Vroman, Belgium
Date: Apr 26, 2021, 19:21, 15 days ago
Score:   Score: 100 PtsScore: 100 PtsScore: 100 PtsScore: 100 PtsScore: 100 Pts
Message: Hi Saumya,

-a-
Don't "oracle" and "grid" both belong to group "oinstall"? Then what about trying 640 as permissions, with things like
rw-r-----  1 grid   oinstall    ...
(and then user "oracle" can read the file, ...

-b-
... if it is necessary -thing that I won't test-)

-c-
(and maybe 600 is OK as "grid" is the only one needing to access the file)

HTH,

Bruno Vroman
Your rating?: This reply is Good Excellent
Goto: Reply - Top of page 
If you think this item violates copyrights, please click here

Subject: Re: permission of listener.ora
Author: saumya das, India
Date: Apr 28, 2021, 09:00, 13 days ago
Message: Hi Bruno ,

Thanks for the reply.
I have not tested the option 640 permission of listener.ora.
But the audit team wants permission as 600.
But i feel if we put the permission as 600 Then only grid user have access , Other os users will not have access to listener.ora . Definitely i need to test the scenarios and will update you with the results.

Thanks a lot for your reply.

Regards
Saumya
Your rating?: This reply is Good Excellent
Goto: Reply - Top of page 
If you think this item violates copyrights, please click here