Hey all,
Trying to get into this JSP thingy on 8.1.7.4 and HP/UX 11.0 and I've run
into a stumbling block. I want to copy a trace file from UDUMP to the
user's directory via JSP. Here's the security specifics on the HP/UX side:
Oracle username: oracle
Oracle primary group: dba
Oracle secondary group: erp (from /etc/group)
User username: myuser
User primary group: erp
User secondary group: <none>
"myuser"'s home directory is "/home/myuser", owned by "myuser:erp" with a
protection of 775 (ERP system design demands it's that low!) and no ACLs.
When logged into the oracle account, I can:
    cp /yadda/yadda/udump/ora_9999_mydb.trc /home/myuser
...without a problem since oracle has a secondary group of "erp". When I
try the exact same command via the JSP (cloned from Metalink article
109095.1) I get "permission denied" ONLY IF the file doesn't already exist.
Here's a snippet:
    TKPCommand = "/usr/bin/cp " + TraceName + " " + UserName;
    Process p = Runtime.getRuntime().exec(TKPCommand);
    System.out.println("CP command: " + TKPCommand);
    System.out.println("Return code from CP: " + p.exitValue());
And the output:
    CP command: /usr/bin/cp /yadda/yadda/udump/ora_9999/mydb.trc /home/myuser
    Return code from CP: 1
By converting the "cp" command to a shell script and adding debugging, we
were able to see the "permission denied" and to verify that the executing
user is "oracle". However, if the destination file exists (e.g. from the
interactive copy above), it works fine. Delete the file from /home/myuser
and run the JSP and it fails because the oracle account's primary group
doesn't have access to write to the /home/myuser directory. But it works
interactively because of the secondary group membership.
This (and tons of other similar boring tests) leads me to believe that the
secondary groups are not active in the call from the JSP. Without the pain
of using Unix's "newgrp" in my exec command, does anyone have a way around
this mess? Is there something I'm missing?
Help!
TIA,
Rich
Rich Jesse System/Database Administrator
[EMAIL PROTECTED] Quad/Tech International, Sussex, WI USA
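
The hypothesis in the message above, that the process started from the JSP runs without oracle's secondary groups, can be checked with a small diagnostic run in place of the cp wrapper script. This is an added example, not part of the original post or the Metalink article; the function names perm_class and check_dir are made up here, the numeric ids in the test are constructed, and only classic mode bits are considered (the post says the directory has no ACLs).

```shell
#!/bin/sh
# Added diagnostic, not from the original post. Classic Unix mode bits only;
# ACLs and the root override are not modelled.

# perm_class MODE DIR_UID DIR_GID MY_UID MY_GID "MY_GROUPS"
# Prints "<class>:<yes|no>": which permission triplet applies to this process
# for the directory, and whether it allows creating a new entry there
# (creation needs both write and search permission on the directory).
perm_class() {
    mode=$1 d_uid=$2 d_gid=$3 my_uid=$4 my_gid=$5 my_groups=$6
    if [ "$my_uid" = "$d_uid" ]; then
        class=owner; bits=$(printf '%s' "$mode" | cut -c2-4)
    elif [ "$my_gid" = "$d_gid" ]; then
        class=primary-group; bits=$(printf '%s' "$mode" | cut -c5-7)
    else
        # Without a matching supplementary group the "other" bits apply.
        class=other; bits=$(printf '%s' "$mode" | cut -c8-10)
        for g in $my_groups; do
            if [ "$g" = "$d_gid" ]; then
                class=supplementary-group
                bits=$(printf '%s' "$mode" | cut -c5-7)
                break
            fi
        done
    fi
    case $bits in
        ?w[xst]) echo "$class:yes" ;;
        *)       echo "$class:no" ;;
    esac
}

# check_dir DIR: the same decision using the live credentials of this process.
check_dir() {
    set -- $(ls -ldn "$1")   # $1=mode string, $3=numeric owner, $4=numeric group
    perm_class "$1" "$3" "$4" "$(id -u)" "$(id -g)" "$(id -G)"
}

# Run as a script with a directory argument: log what the process really holds.
if [ "$#" -gt 0 ]; then
    echo "uid=$(id -u) gid=$(id -g) groups=$(id -G)"
    check_dir "$1"
fi
```

If the group list printed from the JSP-launched process lacks the gid of "erp" while an interactive login shows it, the result for /home/myuser drops from supplementary-group:yes to other:no. Overwriting an existing file needs write permission on the file rather than on the directory, which is consistent with the copy succeeding when the destination already exists.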