FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 12-01-2009, 09:01 PM
John R Pierce
 
Default best practises for avoiding to write passwords in shell scripts (example sqlplus from Oracle)

Sven Aluoor wrote:
> Hi folks
>
> I have here a CentOS box where i need to setup cronjob (with session
> to remote Oracle instance). On the remote DB i have no access, expect
> limited user.
>
> How to avoid putting passwords in shell scripts?
>
> The solution doesn't need to be perfect, only better than plain text
> passwords in scripts.
> Mostly remote host only support password authentication (no
> certificates and so on).
>

postgresql supports a .pgpasswd file in the users home directory thats
permission 600, so only the owner can access it.
Maybe Oracle has something similar?


_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 12-01-2009, 10:03 PM
"nate"
 
Default best practises for avoiding to write passwords in shell scripts (example sqlplus from Oracle)

Sven Aluoor wrote:
> Hi folks
>
> I have here a CentOS box where i need to setup cronjob (with session
> to remote Oracle instance). On the remote DB i have no access, expect
> limited user.

With sqlplus and oracle I pretty much always ran scripts
as sysdba

from one of my scripts that fires up Oracle ASM:
# Set variables for ASM sid (first)
su $ORACLE_USERNAME -c "echo "startup" | sqlplus / as sysdba" | tee
$ASM_STARTUP_LOG

another example -
su $ORACLE_USERNAME -c "sqlplus / as sysdba
@/home/oracle/sql/snapshot-restore/restore-from-prod-oracle-change-passwords.sql"
| tee -a $FINAL_SQL_LOG

If I needed to login as a specific user to oracle I would login
as sysdba and run

alter session set current_schema=OTHER_USER_NAME;

to change the user name after login.

So no passwords needed.

For servers, everything automated relies on ssh key based auth.

I'm no Oracle expert by any means!

nate


_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 12-01-2009, 10:15 PM
"nate"
 
Default best practises for avoiding to write passwords in shell scripts (example sqlplus from Oracle)

nate wrote:
> Sven Aluoor wrote:
>> Hi folks
>>
>> I have here a CentOS box where i need to setup cronjob (with session
>> to remote Oracle instance). On the remote DB i have no access, expect
>> limited user.
>
> With sqlplus and oracle I pretty much always ran scripts
> as sysdba

If this doesn't work then you can try scheduling the jobs
from inside oracle itself using the oracle scheduler, run as
your user, wouldn't expect any password is needed

http://www.oracle.com/technology/products/database/scheduler/htdocs/scheduler_fov.html



nate


_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 

Thread Tools




All times are GMT. The time now is 10:28 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org