Skip to primary content
Skip to secondary content

DBA survival BLOG

Some DBA stuff and lots of Oracle Data Guard

DBA survival BLOG

Main menu

  • Blog
    • MAA
      • Oracle Data Guard
      • Fleet Patching and Provisioning
      • Real Application Cluster
      • Oracle Client HA
    • Other Oracle Topics
      • Oracle Upgrade, Install and Configuration
      • Oracle Multitenant
      • Performance
    • Other Databases
      • PostgreSQL
      • MySQL
      • SQL Server
    • Other Techs
      • Linux
      • DevOps & Development
      • Graph, AI, ML
      • Web technologies
        • JBoss
        • Weblogic
  • Videos
  • Slides
    • Oracle (Active) Data Guard – Master Technical Slide Deck
  • Search Oracle Documentation
    • Oracle Database 21c Documentation
    • Oracle Database 19c Documentation
    • Oracle Database 12.2 Documentation
    • Oracle Database 12c Documentation
    • Oracle Bloggers Search
  • About Me
  • My Employer

Tag Archives: personal account

Bash tips & tricks [ep. 1]: Deal with personal accounts and file permissions

Posted on March 16, 2016 by Ludovico
1

This is the first episode of a mini series of Bash tips for Linux (in case you are wondering, yes, they are respectively my favorite shell and my favorite OS 😉 ).

Episode 1: Deal with personal accounts and file permissions
Episode 2: Have a smart environment for personal accounts
Epidode 3: Colour your terminal!
Episode 4: Use logging levels
Episode 5: Write the output to a logfile
Episode 6: Check the exit code
Episode 7: Cleanup on EXIT with a trap

Description:

Nowadays it is mandatory at many companies to log in on Linux servers with a personal account (either integrated with LDAP, kerberos or whatelse) to comply with strict auditing rules.

I need to be sure that I have an environment where my modifications do not conflict with my colleagues environment.

BAD:

Shell
1
2
3
4
5
6
7
8
9
10
11
12
-bash-4.1$ id
uid=20928(ludo) gid=200(dba) groups=200(dba)
-bash-4.1$ ls -lia
total 8
8196 drwxrwxr-x   2 oracle dba  4096 Mar 15 15:14 .
   2 drwxrwxrwt. 14 root   root 4096 Mar 15 15:15 ..
-bash-4.1$ vi script.sh
... edit here...
-bash-4.1$ ls -l
total 4
-rw-r--r-- 1 ludo  dba 8 Mar 15 15:15 script.sh
-bash-4.1$

the script has been created by me, but my colleagues may need to modify it! So I need to change the ownership:

Shell
1
2
3
$ chown oracle:dba script.sh
chown: changing ownership of `script.sh': Operation not permitted
$

But I can only change the permissions:

Shell
1
2
$ chmod 775 script.sh
$

If I really want to change the owner, I have to ask to someone that has root privileges or delete the file with my account and create it with the correct one (oracle or something else).

GOOD:

  • Set the setgid bit at the directory level
  • Define an alias for my favorite editor that use sudoedit instead:

Shell
1
2
3
4
5
6
7
8
9
10
11
12
$ chmod 2751 .
$ ls -lia
total 4
8196 drwxr-s--x 2 oracle dba  4096 Mar 15 15:26 .
$ alias vi='SUDO_EDITOR=/usr/bin/vim sudoedit -u oracle '
$ vi script.sh
[sudo] password for ludo:
... edit here ...
$ ls -l script.sh
total 8
-rw-r--r-- 1 oracle dba 6 Mar 15 15:24 script.sh
$

In case I need to modify other files with MY account, I can either use the full path (/usr/bin/vim) or define another alias:

Shell
1
alias vime="/usr/bin/vim"

Posted in Linux, Trivadis Blog | Tagged bash, file ownership, Linux, permissions, personal account, setgid, shared environment, shell | 1 Reply
Proudly powered by WordPress
This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt-out if you wish.Accept
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT