Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Installing Oracle

0 views
Skip to first unread message

mrdjm...@aol.com

unread,
Mar 1, 2008, 5:40:45 PM3/1/08
to

You know, this is why developers should never be given access to the
server.


We are running ORacle 10g. We were going to drop a database and
recreate it on our development box.


Rather, a developer deleted all of the datafiles AND the software. I'm
here at home with an SSH connection to work. Can I download the
software from Oracle's site, upload it to the server and install it
using a response file?


I do not have access to a GUI mode, so a response file is the only way
to go.......


If not, is there any other way???


Thanks!

fitzj...@cox.net

unread,
Mar 1, 2008, 6:06:55 PM3/1/08
to
Comments embedded.

On Mar 1, 4:40 pm, mrdjmag...@aol.com wrote:
> You know, this is why developers should never be given access to the
> server.
>

No, this is why administrators and DBAs should be MUCH more careful in
who has access to the 'oracle' O/S account.

> We are running ORacle 10g.  We were going to drop a database and
> recreate it on our development box.
>

A fine idea.

> Rather, a developer deleted all of the datafiles AND the software.

One wonders how this developer had access to a privileged O/S user
account to begin with. Simply granting access to the server would NOT
provide any developer access to delete the Oracle RDBMS software and
the database files.

> I'm
> here at home with an SSH connection to work.  Can I download the
> software from Oracle's site, upload it to the server and install it
> using a response file?

I don't see why not (provided you have sufficient bandwidth), but the
question still remains as to HOW this developer had such access in the
first place. One tends to think it carelessness on your part.

>
> I do not have access to a GUI mode, so a response file is the only way
> to go.......
>

And had you been much more prudent in your granting of access to this
server you'd still have a database and the software to run it.

> If not, is there any other way???
>
> Thanks!

I would immediately change the 'oracle' password and be much less
lenient in who has access to it. Obviously this developer was able to
connect as this user and create the damage you've described, Whose
fault was that?

You are correct that no developer should have access to a production
server, however you haven't stated anywhere that this IS a production
server. Nevertheless it's also not a wise idea to pass amonst the
developers the connection details for the 'oracle' O/S user account
(which, obviously, has happened). I hope the 'root' password is NOT
also among those the developers have been given.

You need to take a long, hard look at how you grant access to
servers, because from what I've seen in this post you simply open your
servers to attack from within. With such 'policies' in place you've
gotten what you've deserved, the inability to control a database
environment. The person or persons responsible for this debacle
should be, at the least, formally reprimanded (I'm thinking
termination is in order, but some may consider that a bit severe).
Policies in your organization need to change, immediately, else you'll
find yourself in the same position over and over again. Or you'll
find yourselves out of business.


David Fitzjarrell

Matthias Hoys

unread,
Mar 1, 2008, 6:22:19 PM3/1/08
to

<mrdjm...@aol.com> wrote in message
news:0c5abfa4-9e29-46c8...@u69g2000hse.googlegroups.com...

Don't you have a tape backup of the Oracle software folders ?


mrdjm...@aol.com

unread,
Mar 1, 2008, 6:33:14 PM3/1/08
to
On Mar 1, 5:22 pm, "Matthias Hoys" <a...@spam.com> wrote:
> <mrdjmag...@aol.com> wrote in message
> Don't you have a tape backup of the Oracle software folders ?- Hide quoted text -
>
> - Show quoted text -

Well, we have otehr boxes running Oracle 10g r2. But no backup of
this one, as it was a development server. And copying the directories
from one of the other servers is not the answer.....

fitzj...@cox.net

unread,
Mar 1, 2008, 6:39:25 PM3/1/08
to
> from one of the other servers is not the answer.....- Hide quoted text -

>
> - Show quoted text -

Then the developers had every right to have access to the database and
server; giving them access to the 'oracle' account, though, is
ridiculously idiotic. Their access should have been through
individual user accounts absent the 'dba' group.

You're correct in presuming that copying existing Oracle installations
to this machine isn't the answer. The answer is you shouldn't be so
lax in who has access to priviledged O/S accounts.


David Fitzjarrell

Michael Austin

unread,
Mar 1, 2008, 7:37:33 PM3/1/08
to

I use PuTTy ssh with Xforwarding enabled. (I am guessing UNIX here??)
run CYGWIN (free download) or Exceed (not free) on your home computer,
upload the DVD(s) and run the runInstaller if you have the oracle pwd.

If you only allow su to oracle(obviously not since it seems that far too
many people have access to it...), then there are some tricks to getting
this to work - I have had to do it many times due to firewalls even
within my own company.

log into your user account
chmod 666 .Xauthority
echo $DISPLAY ## find out what your display is currently set to...
should be something like: localhost:10.0 .. but only if everything is
configured properly
[sudo??] su - oracle
export DISPLAY=localhost:10.0
mv ~/.Xauthority ~/.Xauthority.old
ln -s /youruserdir/youruserid/.Xauthority ~/.Xauthority
[you can now test by finding and executing xclock]
cd to appropriate DVD directory and execute runInstaller.


Works like a charm!

The other method would be to look at the Oracle notes on how to create a
CLONE of your 9i/10g/11g environment... it is really quite easy. Then
you can just unzip/untar this into place, run an OUI clone command,
execute the root.sh and you are done.

Clones are our friends!!!

(see metalink note:
Subject: How To Clone An Existing RDBMS Installation Using OUI
Doc ID: Note:300062.1 Type: HOWTO
Last Revision Date: 08-FEB-2008 Status: PUBLISHED

Also works for cloning a separate ASM installation.

Robert Klemme

unread,
Mar 2, 2008, 7:23:18 AM3/2/08
to
On 02.03.2008 00:39, fitzj...@cox.net wrote:

> Then the developers had every right to have access to the database and
> server; giving them access to the 'oracle' account, though, is
> ridiculously idiotic. Their access should have been through
> individual user accounts absent the 'dba' group.
>
> You're correct in presuming that copying existing Oracle installations
> to this machine isn't the answer. The answer is you shouldn't be so
> lax in who has access to priviledged O/S accounts.

IMHO the policy should not forbid developers on that system but rather
people with lacking skills and lacking care. It should be immediately
obvious to someone with the faintest clue that one does not get rid of a
database by simply deleting files on a machine; and it's an especially
dump idea to also delete the application's files. Anybody with just a
little care would have either asked someone or looked into documentation
how this is achieved. I'm starting to lean to believe it was a hostile act.

robert

sybr...@hccnet.nl

unread,
Mar 2, 2008, 9:39:56 AM3/2/08
to
On Sat, 1 Mar 2008 15:33:14 -0800 (PST), mrdjm...@aol.com wrote:

>Well, we have otehr boxes running Oracle 10g r2. But no backup of
>this one, as it was a development server. And copying the directories
>from one of the other servers is not the answer.....

That is very strange. You both have no backup of the development
server, and you allow everyone to delete the complete installation,
and you forbid to copy it from somewhere else?

I would suggest someone would show you to the door of unemployment.
You are clearly completely clueless.

--
Sybrand Bakker
Senior Oracle DBA

sybr...@hccnet.nl

unread,
Mar 2, 2008, 9:41:57 AM3/2/08
to

In my book this is identical to developers.

I'm inclined to believe everyone at that company is completely
clueless with respect to Oracle, and assume it is Sqlserver or Mysql,
including the OP

Robert Klemme

unread,
Mar 2, 2008, 10:31:33 AM3/2/08
to
On 02.03.2008 15:41, sybr...@hccnet.nl wrote:
> On Sun, 02 Mar 2008 13:23:18 +0100, Robert Klemme
> <short...@googlemail.com> wrote:

>> people with lacking skills and lacking care.
>
> In my book this is identical to developers.

I feel slightly abused. :-) You probably have your history with
developers but I have also seen clueless DBA's. One of the reasons for
this is that companies are not willing to pay the price of a decent
database administrator and so people end administering that do neither
have the knowledge nor the time to gain it.

If you use "developer" as an abstraction of a person who is "only" doing
coding and not interested in the nature of the systems they are using
then yes, those should not be allowed database access - but they should
also not be allowed to write a line of code that eventually goes into
production.

<rant>Nowadays OR mappers make it so easy to store data from your
favorite OO programming language in a persistence store hiding the often
quoted impedance mismatch - but unfortunately also hiding the
characteristics of performance, locking and what not. Sometimes it
seems that replacing this with a explicit mapping using SQL would be
beneficial because it gives more control, lets you use all the features
of the database and, probably most important, makes it obvious that
there is access to some external storage that should be used with
care.</rant>

> I'm inclined to believe everyone at that company is completely
> clueless with respect to Oracle, and assume it is Sqlserver or Mysql,
> including the OP

Maybe.

Cheers

robert

DA Morgan

unread,
Mar 2, 2008, 1:29:20 PM3/2/08
to
sybr...@hccnet.nl wrote:

> rather
>> people with lacking skills and lacking care.
>
> In my book this is identical to developers.

If that is the case then one of two things is the issue.

1. The developers need to be fired or trained because in many shops
the developers are as knowledgeable as the DBAs. Dell in Austin
Texas, where I was last week, comes immediately to mind. Their
entire team is sharp.

2. The management needs to be fired or trained because they should
never have allowed a situation where developers did not have the
required skills to be database developers.

If you are willing to tolerate a situation where DBAs are competent
and developers are not then, analogously, you are willing to
tolerate a situation where judges are competent and attorney's are
not ... or surgeons are competent and surgical nurses are not. I
find none of these situations tolerable at any level.

> I'm inclined to believe everyone at that company is completely
> clueless with respect to Oracle, and assume it is Sqlserver or Mysql,
> including the OP

I'm inclined to agree. <g>
--
Daniel A. Morgan
Oracle Ace Director & Instructor
University of Washington
damo...@x.washington.edu (replace x with u to respond)
Puget Sound Oracle Users Group
www.psoug.org

0 new messages