RE: tracing oracle filesystem access

Sorry, didn't explain myself properly.

The utl_file_dir is currently set to be '*'. Some users have JAVASYSPRIV. I would like to \ restrict that as much as possible. To do this I would like to identify any and all \ directories and files the database processes access over a period of time. That way I will \ have a certain degree of confidence that my restriction will not break existing \ functionality.

I hope this is a better explanation.

Max.

-----Original Message-----
From: Thomas Jeff [mailto:jeff.thomas_at_thomson.net] Sent: Wednesday, January 11, 2006 1:22 PM To: Pakhutkin, Maxim (Max); oracle-l_at_freelists.org Subject: RE: tracing oracle filesystem access

Unless I'm missing something, can't you just do a show parameter utl_file_dir
in the respective databases to list all directories accessible?  

As for java, something like this:  

SELECT kind, grantee, type_schema, type_name, name, action, enabled FROM dba_java_policy

Look for a TYPE_NAME = java.io.Filepermission

From: oracle-l-bounce_at_freelists.org
[mailto:oracle-l-bounce_at_freelists.org] On Behalf Of Pakhutkin, Maxim (Max)
Sent: Wednesday, January 11, 2006 1:08 PM To: oracle-l_at_freelists.org
Subject: tracing oracle filesystem access

Does anyone know of a way to trace/audit which files and directories oracle accesses either via PL/SQL (utl_file_dir) and java? I'm trying to restrict java access and pl/sql access to the filesystem, but would like to be able to monitor existing access patterns to make sure I will not break any functionality when I apply the restriction.  

The only way I can think of is by monitoring server processes with truss, but that would be pretty cumbersome. The other way is to somehow put a wrapper around sys.utl_file (but what about java?).  

Thanks in advance.  

Max Pakhutkin  

--
http://www.freelists.org/webpage/oracle-l