Re: Unix script to stop password-protected listener
Hi Michal, It's a security breach and bug #2366907 has been opened for that. So protect carefully your listener.ora file from non privileged readers. Regards At 01:53 08/10/2002 -0800, you wrote: Yes, you can change your listener.ora file permission up to 600 on the server side. In a shell script you can then use encrypted password found in listener.ora on line PASSWORDS_listener. lsnrctl EOF set password C6C144CF750E3CA5 stop exit EOF If the password is not in the listener.ora file, run lsnrctl, set password manualy and execute SAVE_CONFIG. This will write a line into your listener.ora file with the encrypted password. HTH, Mike Gilles Parc carpe diem !! -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Gilles PARC INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Re: Unix script to stop password-protected listener
Yes, you can change your listener.ora file permission up to 600 on the server side. In a shell script you can then use encrypted password found in listener.ora on line PASSWORDS_listener. lsnrctl EOF set password C6C144CF750E3CA5 stop exit EOF If the password is not in the listener.ora file, run lsnrctl, set password manualy and execute SAVE_CONFIG. This will write a line into your listener.ora file with the encrypted password. HTH, Mike Choudhary Rajendra (TTL_LKO) pe: Hi , We can very well protect the Server side executables by changing the permission of the file . We had implemented this on all our database sites and normal user don't have access to lsnrctl,svrmgrl,namesctl etc .You can also protect the listener.ora file by changing the permission to 770 or 700 as applicable to your environment . The sqlnet.ora file need to be given read access to all and also the tnsnames.ora file (If you have not gone for nameserver) . Regards Rajendra -Original Message- Sent: Tuesday, October 08, 2002 11:13 AM To: Multiple recipients of list ORACLE-L Hi, Solaris 8, Oracle 9i listener It seems that anyone who has a login on Solaris can shut the listener down. I have tried with a non-dba userid and could stop the listener. The default file permission for ORACLE_HOME/bin/lsnrctl is 751, and for ORACLE_HOME/network/admin/listener.ora file is 644. I asked Oracle if I could change them to 750 and 640 respectively and they said that you should not change the defaults since they are verified against the system. So I password protected it. However to stop a password-protect listener you need to do the following interactively: run lsnrctl, issue set password command, put in the password, issue stop, issue exit. I need to implement this stop in a Shell script so that I can call the script at the server reboot time. Do you know how to supply a password to lsnrctl set password command in a script? Have attempted with the script but have not got it worked yet. Thanks Long -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Choudhary Rajendra (TTL_LKO) INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Ing. Michal Zaschke DB Administrator Sokolovska uhelna, a.s. phone: +420 352 465417 e-mail: [EMAIL PROTECTED] -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Michal Zaschke INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
Unix script to stop password-protected listener
Hi, Solaris 8, Oracle 9i listener It seems that anyone who has a login on Solaris can shut the listener down. I have tried with a non-dba userid and could stop the listener. The default file permission for ORACLE_HOME/bin/lsnrctl is 751, and for ORACLE_HOME/network/admin/listener.ora file is 644. I asked Oracle if I could change them to 750 and 640 respectively and they said that you should not change the defaults since they are verified against the system. So I password protected it. However to stop a password-protect listener you need to do the following interactively: run lsnrctl, issue set password command, put in the password, issue stop, issue exit. I need to implement this stop in a Shell script so that I can call the script at the server reboot time. Do you know how to supply a password to lsnrctl set password command in a script? Have attempted with the script but have not got it worked yet. Thanks Long -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).
RE: Unix script to stop password-protected listener
Hi , We can very well protect the Server side executables by changing the permission of the file . We had implemented this on all our database sites and normal user don't have access to lsnrctl,svrmgrl,namesctl etc .You can also protect the listener.ora file by changing the permission to 770 or 700 as applicable to your environment . The sqlnet.ora file need to be given read access to all and also the tnsnames.ora file (If you have not gone for nameserver) . Regards Rajendra -Original Message- Sent: Tuesday, October 08, 2002 11:13 AM To: Multiple recipients of list ORACLE-L Hi, Solaris 8, Oracle 9i listener It seems that anyone who has a login on Solaris can shut the listener down. I have tried with a non-dba userid and could stop the listener. The default file permission for ORACLE_HOME/bin/lsnrctl is 751, and for ORACLE_HOME/network/admin/listener.ora file is 644. I asked Oracle if I could change them to 750 and 640 respectively and they said that you should not change the defaults since they are verified against the system. So I password protected it. However to stop a password-protect listener you need to do the following interactively: run lsnrctl, issue set password command, put in the password, issue stop, issue exit. I need to implement this stop in a Shell script so that I can call the script at the server reboot time. Do you know how to supply a password to lsnrctl set password command in a script? Have attempted with the script but have not got it worked yet. Thanks Long -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing). -- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Choudhary Rajendra (TTL_LKO) INET: [EMAIL PROTECTED] Fat City Network Services-- 858-538-5051 http://www.fatcity.com San Diego, California-- Mailing list and web hosting services - To REMOVE yourself from this mailing list, send an E-Mail message to: [EMAIL PROTECTED] (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).