| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Mailing Lists -> Oracle-L -> Re: admin_restrictions_listener
You have to be logged on to the machine in order to START the TNS Listener,
in any case.
But to STOP, setting ADMIN_RESTRICTIONS_<listener-name> doesn't matter; that parameter only prevents runtime parameter changes (forcing parameter changes through editing of "listener.ora" and STOP/START or RELOAD).
Only passwording the Listener prevents unauthorized STOP or SERVICES commands...
> I understood that
>
> admin_restrictions_listener=on
>
> meant that you had to be physically logged on to the machine containing
the
> listener.ora file to be able to stop/start/change. Is this not correct?
>
> If correct, then 600 permissions would mean that you also had to be logged
> on as the oracle owner: and if you are the oracle owner logged on to the
> same machine as the listener then you'd not need to use lsnrctl to create
> havoc.
>
> What am i missing here?
>
>
> -----Original Message-----
> Sent: Friday, 18 October 2002 4:11 am
> To: Multiple recipients of list ORACLE-L
>
>
> Not true.
>
> I'm talking about accessing the TNS Listener process from a "lsnrctl"
> executable on another machine entirely (i.e. my laptop, for example).
> Changing the file permissions on the "tnslsnr" executable on the server
> won't prevent commands (like STOP) received over the network...
>
> Passwording the TNS Listener is the only protection for that...
>
> ----- Original Message -----
> To: "Multiple recipients of list ORACLE-L" <ORACLE-L_at_fatcity.com>
> Sent: Thursday, October 17, 2002 12:29 PM
>
>
> > Although if you set the lsnrctl to 700 that problem goes away (that's
what
> > we did). I'm still amazed that it's world executable.
> >
> > Jay Miller
> >
> > -----Original Message-----
> > Sent: Thursday, October 17, 2002 10:35 AM
> > To: Multiple recipients of list ORACLE-L
> >
> >
> > yup. i can run "lsnrctl" from my laptop somewhere on your network and
> > "stop" the listener otherwise...
> >
> > ----- Original Message -----
> > To: "Multiple recipients of list ORACLE-L" <ORACLE-L_at_fatcity.com>
> > Sent: Thursday, October 17, 2002 3:38 AM
> >
> >
> > > hi all
> > >
> > > I have my listener.ora owned by the oracle owner with 600 permissions
> and
> > > admin_restrictions_listener set.
> > > On a machine in the DMZ.
> > > Is there any point in having a password as well?
> > >
> > > thanks
> > > trevor
> > >
> > >
> > >
> > >
> > >
> > > Disclaimer.
> > >
> > > This e-mail is private and confidential. If you are not the intended
> > > recipient, please advise us by return e-mail immediately, and delete
> > > the e-mail and any attachments without using or disclosing the
> > > contents in any way. The views expressed in this e-mail are those
> > > of the author, and do not represent those of this company unless
> > > this is clearly indicated.
> > >
> > > You should scan this e-mail and any attachments for viruses.
> > >
> > > This company accepts no liability for any direct or indirect
> > > damage or loss resulting from the use of any attachments to this
e-mail.
> > >
> > >
> > > --
> > > Please see the official ORACLE-L FAQ: http://www.orafaq.com
> > > --
> > > Author:
> > > INET: Trevor.Williams_at_rac.com.au
> > >
> > > Fat City Network Services -- 858-538-5051 http://www.fatcity.com
> > > San Diego, California -- Mailing list and web hosting services
> > > ---------------------------------------------------------------------
> > > To REMOVE yourself from this mailing list, send an E-Mail message
> > > to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> > > the message BODY, include a line containing: UNSUB ORACLE-L
> > > (or the name of mailing list you want to be removed from). You may
> > > also send the HELP command for other information (like subscribing).
> >
> > --
> > Please see the official ORACLE-L FAQ: http://www.orafaq.com
> > --
> > Author: Tim Gorman
> > INET: Tim_at_SageLogix.com
> >
> > Fat City Network Services -- 858-538-5051 http://www.fatcity.com
> > San Diego, California -- Mailing list and web hosting services
> > ---------------------------------------------------------------------
> > To REMOVE yourself from this mailing list, send an E-Mail message
> > to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> > the message BODY, include a line containing: UNSUB ORACLE-L
> > (or the name of mailing list you want to be removed from). You may
> > also send the HELP command for other information (like subscribing).
> > --
> > Please see the official ORACLE-L FAQ: http://www.orafaq.com
> > --
> > Author: Miller, Jay
> > INET: JayMiller_at_TDWaterhouse.com
> >
> > Fat City Network Services -- 858-538-5051 http://www.fatcity.com
> > San Diego, California -- Mailing list and web hosting services
> > ---------------------------------------------------------------------
> > To REMOVE yourself from this mailing list, send an E-Mail message
> > to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> > the message BODY, include a line containing: UNSUB ORACLE-L
> > (or the name of mailing list you want to be removed from). You may
> > also send the HELP command for other information (like subscribing).
>
> --
> Please see the official ORACLE-L FAQ: http://www.orafaq.com
> --
> Author: Tim Gorman
> INET: Tim_at_SageLogix.com
>
> Fat City Network Services -- 858-538-5051 http://www.fatcity.com
> San Diego, California -- Mailing list and web hosting services
> ---------------------------------------------------------------------
> To REMOVE yourself from this mailing list, send an E-Mail message
> to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> the message BODY, include a line containing: UNSUB ORACLE-L
> (or the name of mailing list you want to be removed from). You may
> also send the HELP command for other information (like subscribing).
>
>
> Disclaimer.
>
> This e-mail is private and confidential. If you are not the intended
> recipient, please advise us by return e-mail immediately, and delete
> the e-mail and any attachments without using or disclosing the
> contents in any way. The views expressed in this e-mail are those
> of the author, and do not represent those of this company unless
> this is clearly indicated.
>
> You should scan this e-mail and any attachments for viruses.
>
> This company accepts no liability for any direct or indirect
> damage or loss resulting from the use of any attachments to this e-mail.
>
>
> --
> Please see the official ORACLE-L FAQ: http://www.orafaq.com
> --
> Author:
> INET: Trevor.Williams_at_rac.com.au
>
> Fat City Network Services -- 858-538-5051 http://www.fatcity.com
> San Diego, California -- Mailing list and web hosting services
> ---------------------------------------------------------------------
> To REMOVE yourself from this mailing list, send an E-Mail message
> to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
> the message BODY, include a line containing: UNSUB ORACLE-L
> (or the name of mailing list you want to be removed from). You may
> also send the HELP command for other information (like subscribing).
-- Please see the official ORACLE-L FAQ: http://www.orafaq.com -- Author: Tim Gorman INET: Tim_at_SageLogix.com Fat City Network Services -- 858-538-5051 http://www.fatcity.com San Diego, California -- Mailing list and web hosting services --------------------------------------------------------------------- To REMOVE yourself from this mailing list, send an E-Mail message to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in the message BODY, include a line containing: UNSUB ORACLE-L (or the name of mailing list you want to be removed from). You may also send the HELP command for other information (like subscribing).Received on Fri Oct 18 2002 - 03:53:29 CDT
 |
 |