Who's in charge here: Oracle or Unix?
Robert E. Van Cleef
vancleef at nas.nasa.gov
Sat Feb 9 04:23:37 AEST 1991
Two points/questions:
1) How are you going deal with the other programs that are used to maintain those files? passwd, chfn, chsh, and any of the other programs that use the standard system calls, with the appropriate privileges, allow general users to modify their information in those files. These commands must be eliminated or modified to comply with your 'NEW STANDARD'.
Is your programming staff ready to take on OS support and development responsibilities for all of the OS varients that Oracle runs on? Will it work with the BSD password hashing routines, the Unicos passwd file shadowing routines, the UTS /etc/identity file, etc.?
2 ) Using a database to maintain those files is a "good thing". Adding the requirement that a commercial package that I must install on my system will manage those files is a "bad thing". I would probably veto the procurement of a commercial database package for general use if I discovered that it came with hooks to modify system files...
---
My suggestions would be a tool that monitors those files, and reports pertinent discrepancies to the administrators, or a set of general tools for mantaining those files, that could be tested, modified, and accepted by the local system administrators on a case-by-case basis.
---
To clarify my biases <grin>
We have a locally developed account management system that maintains the passwd and group files on over 200 systems. It runs unders a commercial database package on one system and can update the system files on all of the client systems. We also have a separate software package that audits the files on all of the systems, monitoring for changes. However, the information in the passwd and GECOS fields tend to drift over time as the users manually update them on individual systems. We do not try to control t
hat drift...
Host tables are control by a different mechanism, based on nameservice.
--
Bob Van Cleef vancleef at nas.nasa.gov
NASA Ames Research Center (415) 604-4366
---
Perception is reality...
More information about the Comp.unix.admin
mailing list