Slightly off topic: Unix set-uid bit on ksh script
I'm trying to write a ksh script that reads the oracle dba password from a file, connects with sqlplus, and runs a query. The catch is that I want anyone to be able to run the script, but not to be able to see the password. My idea was to put the password in a file that only the oracle user can read, and set the suid bit on the executable script so that the script could read the file but not the user. Problem is I started getting the following error if anyone other than oracle tries to run the script.
ld.so.1: sqlplus: fatal: libsunmath.so.1: open failed: No such file or directory
When oracle runs it, it works fine.
I put a "set > test" line in the script right before it runs sqlplus and that file shows that the PATH and LD_LIBRARY_PATH variables are being set correctly. In fact if I just hard code the password into the script, and remove the suid bit, anyone can run it. Is there something that the suid bit changes in the process's environment that I'm missing here? The platform is Solaris 2.6.
Received on Fri Aug 11 2000 - 09:59:01 CDT