goal: What are the recommended File
Permissions on Oracle Server Software?
fact: Oracle Server - Enterprise
Edition 8.1.7
(From metalink)
fix:
Recommended File Permissions after Installation of Oracle
Server
Edition:
1. Database Files
(Datafiles, Redologfiles, Controlfiles, ...)
- Permission 640
rw-r-----
- Maintain
discretory access to the files only by the Oracle and oinstall
group
2. $ORACLE_HOME/bin/
- Permission 755
rwxr-xr-x
- Must be writable
to software owner and executable to the rest
3.
$ORACLE_HOME/bin/oracle and $ORACLE_HOME/bin/dbsnmp
- Permission 6751
rws-r-s--x
- These executables
run as the oracle user and the DBA group regardless the
executor
4. other
executables
- Permission 751
rwxr-x--x
- Must be writable
to software owner and executable to the rest
5. $ORACLE_HOME/lib
(directory)
- Permission 755
rwxr-xr-x
6. $ORACLE_HOME/lib
(files)
- Permission 644
rw-r--r--
7.
$ORACLE_HOME/rdbms/log
- Permission 751
rwxr-x--x
8. $ORACLE_HOME/rdbms
and $ORACLE_HOME/sqlplus (directory)
- Permission 751
rwxr-x--x
9. $ORACLE_HOME/rdbms
and $ORACLE_HOME/sqlplus (files)
- Permission 644
rw-r--r--
10. $ORACLE_HOME/network/trace
- Permission 777
rwxrwxrwx for Development pruposes
- Permission 730
rwx-wx--- for productive environment
11. All /admin directories and underlying files
- Permission 644
rw-r--r--
- SQl-scripts
should typically run as the SYS-user
12. All Tracefiles produced by the database
- Permission 640
rw-r-----
- Many trace files include hex dumps of potentially sensitive data.