I am currently researching how best to secure our database environment. We have 9iR2 EE installed on HP-UX.
There will be a number of different databases on the database server, each with its own DBA and developers. The server is Raid 1+0. Oracle is installed on one filesystem, and the plan is to create each database on its own separate filesystem. I know this diverts from Oracle's OFA, but it will make the Unix administration/security easier to have each database contained within one mount point. Is this reasonable, or are there potential issues?
What are your recommendations with regards to Unix users, groups and
security? At the moment the OS user Oracle is the software owner and is
a member of the dba group. What about group and security settings for
our other users, DBAs and developers?
In particular, my concern is for one particular database, payroll. I
don't want other Unix users to be able to access any of the Oracle
related files, SQLs, reports, etc.
Some of the applications also have OS-authenticated users. We have
these as members of the DBA group, but this will be reduced.
What should happen the init, log, trace, and .ora files in this type of
setup? Should they all be owned by Oracle?
This was first published in September 2004