Who's in charge here: Oracle or Unix?

[Jerry Scharf scharf@btr.com]

There seem to be two issues here that can be separated. One is should there
be a relational database for users and the other is who updates /etc/passwd.
The reason I separate them is it let's me present an alternative that I
fovor.

Tracking users on a group of Unix machines is a pain. "When did a user's
account get disabled" is a favorite question. So is which machines does
user x have an account on, and which of those have some root access. This
is stuff that is well kept by a database, and if someone else will set
it up for you, that's one major pain out of the way. Make sure you are
involved in specifying the contents of the database so you get all the
information you want and all the reports your boss will want.
One security scare will pay for all the effort in setting it up.

As for the "automagic update" of the passwd files, I would tend to err
on the side of caution. Remember who's butt goes in the meat grinder if
it breaks. If they create a new file that is what they think the passwd
file should be, then let you examine it and move it into the system as
you wish, this allows you to maintain local hacks and check for mistakes.
I think their solution wuold work about %98 of the time, which is not
acceptable to me. My personal experiences with Oracle are as bad as the
others I've seen. Do they still fail to catch the shutdown signal, and
leave the database corrupted when the system is shut down without first
stopping Oracle.

Jerry
-- 
Jerry Scharf			scharf at btr.com, ...!decwrl!btr!scharf