FAQ
Does anyone have opinions of this paper?

http://www.oracle.com/technology/pub/articles/project_lockdown/project-lockdown.pdf

I found the link via Pete Finnigan, who seems to my newbie eyes an
excellent resource. Anway, we're working through this for an Oracle XE
instance that will serve a public-facing PHP application.

Section 1.4 talks about setting umask on certain directories. I'm
familiar with umask, but I'm unaware of any directory capability.
Googling "directory umask" hits a couple of pages where people ask for
such a thing and get unsatisfactory answers. man pages don't lead
anywhere.

The intent of 1.4 is to ensure that bdumps, rdbms/log, rdbms/audit and
some other folders that house dynamically created files will default
to -rw-------.

to quote:

Change umask on background_dump_dest to 0177.

Some trace files are generated here as well as the database alert log.
Permissions should be
rw------- (Read+Write by Oracle software owner only)

So, aside from the Unix question, I was wondering if others have
thoughts on this paper?

--steve smith

Search Discussions

  • Jesse, Rich at Oct 9, 2006 at 1:14 pm
    Interesting reading. I see that Arup recommends to "Change the
    permission of the redundant files $ORACLE_HOME/bin/oracleO, tnslsnr0,
    lsnrctl0, extjob0, etc. to 0000." I've always just deleted these
    immediately after installing and some time after upgrading/patching.

    Any reason that I should be keeping these around? Meatlink doesn't seem
    to have any articles dealing with this.

    Rich

    Disclaimer: "Metalink" wasn't found in my spell checker.

    -----Original Message-----
    From: oracle-l-bounce_at_freelists.org
    On Behalf Of stv
    Sent: Friday, October 06, 2006 4:51 PM
    To: oracle-l_at_freelists.org
    Subject: Project Lockdown ...

    Does anyone have opinions of this paper?

    http://www.oracle.com/technology/pub/articles/project_lockdown/project-l
    ockdown.pdf

    I found the link via Pete Finnigan, who seems to my newbie eyes an
    excellent resource. Anway, we're working through this for an Oracle XE
    instance that will serve a public-facing PHP application.

    Section 1.4 talks about setting umask on certain directories. I'm
    familiar with umask, but I'm unaware of any directory capability.
    Googling "directory umask" hits a couple of pages where people ask for
    such a thing and get unsatisfactory answers. man pages don't lead
    anywhere.

    The intent of 1.4 is to ensure that bdumps, rdbms/log, rdbms/audit and
    some other folders that house dynamically created files will default
    to -rw-------.

    to quote:

    Change umask on background_dump_dest to 0177.

    Some trace files are generated here as well as the database alert log.
    Permissions should be
    rw------- (Read+Write by Oracle software owner only)

    So, aside from the Unix question, I was wondering if others have
    thoughts on this paper?

    --steve smith
    --
    http://www.freelists.org/webpage/oracle-l
    --
    http://www.freelists.org/webpage/oracle-l
  • Ghassan Salem at Oct 9, 2006 at 1:24 pm
    I usually delete these after any relink (patch, ....). I siometimes delete
    them during the relink to recover some space (on my space constrained VMs).

    rgds
    On 10/9/06, Jesse, Rich wrote:

    Interesting reading. I see that Arup recommends to "Change the
    permission of the redundant files $ORACLE_HOME/bin/oracleO, tnslsnr0,
    lsnrctl0, extjob0, etc. to 0000." I've always just deleted these
    immediately after installing and some time after upgrading/patching.

    Any reason that I should be keeping these around? Meatlink doesn't seem
    to have any articles dealing with this.

    Rich

    Disclaimer: "Metalink" wasn't found in my spell checker.

    -----Original Message-----
    From: oracle-l-bounce_at_freelists.org
    On Behalf Of stv
    Sent: Friday, October 06, 2006 4:51 PM
    To: oracle-l_at_freelists.org
    Subject: Project Lockdown ...

    Does anyone have opinions of this paper?

    http://www.oracle.com/technology/pub/articles/project_lockdown/project-l
    ockdown.pdf

    I found the link via Pete Finnigan, who seems to my newbie eyes an
    excellent resource. Anway, we're working through this for an Oracle XE
    instance that will serve a public-facing PHP application.

    Section 1.4 talks about setting umask on certain directories. I'm
    familiar with umask, but I'm unaware of any directory capability.
    Googling "directory umask" hits a couple of pages where people ask for
    such a thing and get unsatisfactory answers. man pages don't lead
    anywhere.

    The intent of 1.4 is to ensure that bdumps, rdbms/log, rdbms/audit and
    some other folders that house dynamically created files will default
    to -rw-------.

    to quote:

    * Change umask on background_dump_dest to 0177.

    Some trace files are generated here as well as the database alert log.
    Permissions should be
    rw------- (Read+Write by Oracle software owner only)

    So, aside from the Unix question, I was wondering if others have
    thoughts on this paper?

    --steve smith
    --
    http://www.freelists.org/webpage/oracle-l
    --
    http://www.freelists.org/webpage/oracle-l

    --
    http://www.freelists.org/webpage/oracle-l

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
grouporacle-l @
categoriesoracle
postedOct 6, '06 at 9:51p
activeOct 9, '06 at 1:24p
posts3
users3
websiteoracle.com

3 users in discussion

Jesse, Rich: 1 post Ghassan Salem: 1 post Stv: 1 post

People

Translate

site design / logo © 2022 Grokbase