On Fri, Apr 23, 2010 at 04:25:49PM -0400, Mark Plaksin wrote: > Hi: > > What do people normally do about Oracle's root.sh scripts? Do you just > run them as-is? Do you cut out the junk and run the rest? Or maybe > distill them into Puppet code? :) > > I don't know anything about Oracle but root.sh has always seemed crazy > to me. Especially when it contains things like this: > $CHMOD +r /dev/rdsk/* >
At $previous_work(also a university FWIW), I would run the root.sh for the DBAs whenever they did database/grid controller installs or patchsets. I got burned enough times by trying to do things like simulate a root.sh or not install all the required packages, that I decide follow the oracle requirement and to focus my attention on the other aspects of security on the oracle servers. Doing thins like standardized filesystem layouts/permissions accross all oracle installs, not running other applications on the same server, network/host firewall rules, and no ssh access for those pesky users(non-dba's and non-sysadmins) is far more important. The DBAs at first really pushed at first for me to setup a sudo rule to allow them to have "sudo /u01/app/oracle/procduct/version/instance/root.sh". But it soon got to a point where I would always have a window on all their database servers, and I could have the root.sh run before they finished asking me to run it. They didn't ever ask for sudo perms for that, from then on. IMHO, We didn't have large enough scale of oracle installs to make oracle installs worth the time to automate. Your site may be different. I mean if the Oracle installs were able to be fully automated, Oracle would have done that a long time ago right?.... -Scott -- ============================================== Scott Koch [email protected] http://www.uselinux.us ============================================== _______________________________________________ Tech mailing list [email protected] http://lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
