1

I have basic question about installing applications on Linux operating system, using the Oracle database as an example. When installing the Oracle database package, I created a user called ora112, a group called dba, and added the user to that group.

So my question is, if the ora112 user's umask is set to 077, then no other users will be able to configure the Oracle database. Why do we need to follow this practice? Is it a accepted procedure in application installation on Linux. Please share your experience with me.

Similarly, if I install java in this way, then will application belonging to different user accounts be prevented from running java because of this access restriction.

Scott Pack
  • 15,167
  • 5
  • 61
  • 91
KItis
  • 111
  • 3

1 Answers1

4

There is no standard method for installing applications. Most applications will set themselves up such that their config files are only writeable by a single uid. Certainly Oracle does this. You can amend the permissions later - but this usually needs to be reapplied whenever you install upgrades.

It's good practice to restrict permissions based on a least privilege basis.

It's NOT good practice to share accounts

To resolve this potential conflict where more than one user may require access to run programs / alter data, then the solution is to setup a group containing the users whom require that access and modify the permissions accordingly.

Alternatively you can use sudo - but IMHO the group based solution is neater (preserves uids).

symcbean
  • 18,278
  • 39
  • 73