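The official Oracle documentation for installing on Red Hat, in the part that adds the Oracle-related users, does not mention that a nobody user needs to be added,
presumably because on Red Hat the nobody user exists by default and belongs to the group nobody.
On Ubuntu 9.04, however, the nobody user exists but belongs to the group nogroup, so the nobody user has to be added to the nobody group; if the nobody group does not exist, it has to be created.
Likewise, when installing on any other Linux distribution that Oracle does not support, you still need to run `id nobody` to verify that the nobody user exists and that it belongs to the nobody group.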
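One way to script the `id nobody` check described above (an added example, not from the original post or from Oracle's documentation). The function names and the sample `id` lines in the comments are constructed for illustration; the script only prints the `groupadd`/`usermod` commands to run as root and changes nothing itself.

```shell
#!/bin/sh
# Added example: classify `id nobody` output for the Oracle pre-install check.
# Constructed sample lines:
#   Red Hat style: uid=99(nobody) gid=99(nobody) groups=99(nobody)
#   Ubuntu style:  uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)

# in_group ID_LINE GROUP -> exit 0 if GROUP is the primary or a supplementary group.
in_group() {
    # Drop the uid= field first: its "(nobody)" is the user name, not a group,
    # and would otherwise give a false match on the Ubuntu-style line.
    printf '%s\n' "$1" \
        | sed -e 's/^uid=[^ ]* *//' \
        | tr ',= ' '\n\n\n' \
        | sed -n 's/^[0-9]*(\(.*\))$/\1/p' \
        | grep -qx "$2"
}

# check_nobody ID_LINE -> prints one of: ok | add-to-group | no-user
check_nobody() {
    case "$1" in
        uid=*) ;;                        # looks like real `id` output
        *) echo no-user; return 0 ;;     # empty: `id nobody` failed
    esac
    if in_group "$1" nobody; then
        echo ok
    else
        echo add-to-group
    fi
}

# Live check on this host. Prints the remediation only.
report() {
    line=$(id nobody 2>/dev/null) || line=""
    case $(check_nobody "$line") in
        ok)
            echo "nobody is in group nobody" ;;
        add-to-group)
            # Create the group only if it is missing, then add the user to it.
            getent group nobody >/dev/null 2>&1 || echo "run as root: groupadd nobody"
            echo "run as root: usermod -a -G nobody nobody" ;;
        no-user)
            echo "user nobody does not exist" ;;
    esac
}
report
```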
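First, nobody is an ordinary, unprivileged user. The purpose of the nobody username is to allow anyone to log in to the system while its UID and GID confer no privileges; that is, this UID and GID can access only files that everyone can read and write.
Second, many systems by convention create a nobody account by default and restrict its permissions to the minimum; when a server provides service to the outside, it may have the client log in as nobody.
On Linux, nobody is an account that cannot log in. Some service processes such as apache and squid run under special accounts like nobody, news, games and so on, so that if the program itself has a security problem, hackers cannot obtain root privileges.
The nobody user as explained for Oracle: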
Unprivileged user:
As the purpose of the user is essentially to allow database users to execute external jobs, you should not use the oracle user. The oracle user is a powerful user; obviously they can shut down the database, and have access to a number of resources, oracle and otherwise. You would not want to give any database user with privileges to schedule this job (actually create external job privs.) the ability to perform all oracle actions; at least not in a normal environment. For security purposes, it is best to create a user with minimum privileges required to do the job. For example, if it reads from a specific directory, give them access to that directory, but not to the oracle binaries directory.
The need for the low privilege user is simply a security measure. The term unprivileged user, in many contexts, is used to refer to a non-DBA user; it's a general term for a non super user.