Thanks for all the replies...I'm wading through them!
One more question...Do I always need to specify the full path of a Unix
command e.g /usr/bin/mv rather then just mv
That is something I don't currently need to do when using an external
procedure.
John
-Original Message-
Sent: 04
Our Unix guys create 'safe' versions of normal utilities and installed them in a
special folder. So, we use the full path to invoke them from *that* folder. Some
commands get logged to audit files. I'd say, yeah, specify full path, you don't loose
much (well some electrons, but who cares).
Raj
Title: RE: java package to run OS command
Take a look at metalink doc 222079.1
-Original Message-
From: John Dunn [mailto:[EMAIL PROTECTED]]
Sent: Thursday, December 04, 2003 7:49 AM
To: Multiple recipients of list ORACLE-L
Subject: java package to run OS command
I need a java
John,
Try this:
Process p = Runtime.getRuntime().exec(/usr/bin/df -Pk);
Abraham
-Original Message-
Sent: Thursday, December 04, 2003 7:49 AM
To: Multiple recipients of list ORACLE-L
I need a java package that will allow me to run OS commands(Unix) from a
stored procedure.
Anyone got
expert one on one. check asktom.oracle.com might be on there also.
From: John Dunn [EMAIL PROTECTED]
Date: 2003/12/04 Thu AM 09:44:29 EST
To: Multiple recipients of list ORACLE-L [EMAIL PROTECTED]
Subject: RE: java package to run OS command
Which book is that?
-Original
Here's another link to a good Java Stored Procedure for this:
http://www.oracle-base.com/Articles/8i/ShellCommandsFromPLSQL.asp
But the same caveats apply. We're using an external procedure written in C for this
instead of Java, and I use a shell that checks PRODUCT_PROFILE for authority to run
John, it is available on asktom as well, but read the caution Tom explains. Restrict
it to only executables you want. Asktom has example.
Raj
Rajendra dot Jamadagni at nospamespn dot com
All Views expressed in this
Which book is that?
-Original Message-
Sent: 04 December 2003 14:35
To: Multiple recipients of list ORACLE-L
its in tom kytes first book. might be on his webpage.
From: John Dunn [EMAIL PROTECTED]
Date: 2003/12/04 Thu AM 08:49:25 EST
To: Multiple recipients of list ORACLE-L
One I've used in the past was supplied by Tom Kyte :
http://asktom.oracle.com/pls/ask/f?p=4950:8:4723489521562622951::NO::F4950_P
8_DISPLAYID,F4950_P8_CRITERIA:952229840241,
Cheers,
Mike Hately
-Original Message-
Sent: 04 December 2003 13:49
To: Multiple recipients of list ORACLE-L
I
yeah, I'm trying to get away from C external procedures ...but java is
beginning to look just as much a hassle.
Why is running a OS command such hassle?
-Original Message-
Sent: 04 December 2003 15:40
To: Multiple recipients of list ORACLE-L
Here's another link to a good Java Stored
Here is a adoption for running the ls command ... be very careful with suspriv
command, it is very powerful privilege. One could replace ls with rm and then you are
doomed if oracle is running as root.
grant javasyspriv to system
/
create or replace type fileList as table of varchar2(255)
/
John,
I agree and am encouraging the external C procedures since their simpler, and
can create log files as well. BTW: Whoever authored the Java procedure on that web
page should be shot. I can just see someone passing 'rm -fr $ORACLE_HOME' to it.
Dick Goulet
Senior Oracle DBA
Oracle
It really isn't that much of a hassle once you have Java itself setup.
I have a problem with the lack of security placed on the Java code from the
oracle-base.com article though. What we did (are in the process of doing)
is to restrict execute access to a single directory that we create and
Dick, harsh words, hmmm? Powerful tools can also be powerful weapons in the wrong
hands. But don't blame the toolmaker.
John, the reason that running an OS command is such a hassle is that it can be
horribly destructive to your server. An OS command that runs from a Java Stored
Procedure
will it catch following command apart from rm -rf ???
find /var/opt/oracle/logs -mtime +1 -type f -name *.trc|perl -nle unlink
Probably not ... and that's why it is dangerous ... basically you should have a set
of fixed programs that can be called and accept only arguments from calling
By default, no user accounts in the Oracle DB have any privs to do anything
to the OS. Privs -- including privs to execute, read, and write OS files --
must explicitly be granted (and rightly so!).
Do not grant the JAVASYSPRIV or JAVAUSERPRIV to the schema that will own the
ExecOS Java code, as
Mladen Gogala scribbled on the wall in glitter crayon:
That wouldn't do much harm since it's relatively static and probably
frequently backed up. Restoring $ORACLE_HOME would be an easy
excercise. Now passing datafiles or copying /etc/motd onto
/oradata/SID/system01.dbf would cause much more
No, but it disallows command chains - only single commands are permitted. If you want
to run more than one command you have to write it as a shell script, and the full path
to that shell script must be approved for the current user in the PRODUCT_PROFILE
table. Normally, we will only allow
18 matches
Mail list logo