Blog dedicated to Oracle Applications (E-Business Suite) Technology; covers Apps Architecture, Administration and third party bolt-ons to Apps

Tuesday, September 11, 2007

nobody user in Oracle 10g

The Installation Guide for Oracle 10g mentions the need to create a user "nobody":

An unprivileged user
Verify that the unprivileged user nobody exists on the system. The nobody user
must own the external jobs (extjob) executable after the installation.

Metalink Note 357575.1 further describes what exactly an unprivileged user is:

Unprivileged user:

As the purpose of the user is essentially to allow database users to execute external jobs, you should not use the oracle user. The oracle user is a powerful user; obviously they can shut down the database, and have access to a number of resources, oracle and otherwise. You would not want to give any database user with privileges to schedule this job (actually create external job privs.) the ability to perform all oracle actions; at least not in a normal environment. For security purposes, it is best to create a user with minimum privileges required to do the job. For example, if it reads from a specific directory, give them access to that directory, but not to the oracle binaries directory.

The need for the low privilege user is simply a security measure. The term unprivileged user, in many contexts, is used to refer to a non-DBA user; it's a general term for a non super user.


How To create an Unprivileged User?

You must create a new unprivileged local user to own the extjob executable. You can use any user name for this user, but this document uses the name extjob. To create the extjob user, enter the following command:

# /usr/sbin/useradd extjob

Verifying that the User nobody Exists
Before installing the software, perform the following procedure to verify that the nobody user exists on the system:

To determine whether the user exists, enter the following command:


# id nobody


If this command displays information about the nobody user, then you do not have to create that user.
If the nobody user does not exist, then enter the following command to create it:

# /usr/sbin/useradd nobody
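
The checks above (the account exists, it owns extjob, and it is not the oracle user) can be combined into one script. This is an added example, not taken from the Installation Guide or the Metalink note: the function names, the return codes and the default software-owner name "oracle" are assumptions, and the path to extjob is supplied by the caller.

```shell
#!/bin/sh
# Added example: audit the account that owns the external jobs executable.
# Usage (path is a placeholder): check_extjob_owner /path/to/extjob nobody

# Print the numeric UID that owns a file (portable: parses `ls -ldn`).
file_owner_uid() {
    ls -ldn -- "$1" | awk '{print $3}'
}

# check_extjob_owner FILE USER [SOFTWARE_OWNER]
# Return codes (constructed for this example):
#   0 = FILE is owned by USER and USER is an acceptable low-privilege account
#   1 = FILE is owned by a different account
#   2 = USER does not exist (create it with /usr/sbin/useradd)
#   3 = FILE does not exist
#   4 = USER is root or the software owner, so it is not unprivileged
check_extjob_owner() {
    file=$1
    user=$2
    sw_owner=${3:-oracle}   # assumption: the software owner is named "oracle"

    # Same test as `id nobody`, but keeping the numeric UID for later.
    want_uid=$(id -u "$user" 2>/dev/null) || return 2
    [ -e "$file" ] || return 3

    # The account that runs external jobs must not be a powerful one.
    if [ "$want_uid" -eq 0 ] || [ "$user" = "$sw_owner" ]; then
        return 4
    fi

    # Compare numeric UIDs so the result does not depend on name lookups.
    [ "$(file_owner_uid "$file")" = "$want_uid" ] || return 1
    return 0
}
```

A non-zero return code identifies which of the documented conditions failed, so the function can be called from a pre-install or post-install check.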
