Sven Aluoor
2009-Dec-01 21:48 UTC
[CentOS] best practises for avoiding to write passwords in shell scripts (example sqlplus from Oracle)
Hi folks

I have here a CentOS box where I need to setup cronjob (with session to remote Oracle instance). On the remote DB I have no access, except limited user.

How to avoid putting passwords in shell scripts?

The solution doesn't need to be perfect, only better than plain text passwords in scripts.
Mostly remote host only support password authentication (no certificates and so on).

cheers
Sven
Ryan Lynch
2009-Dec-01 21:54 UTC
[CentOS] best practises for avoiding to write passwords in shell scripts (example sqlplus from Oracle)
On Tue, Dec 1, 2009 at 16:48, Sven Aluoor <aluoor at gmail.com> wrote:
> Hi folks
>
> I have here a CentOS box where I need to setup cronjob (with session
> to remote Oracle instance). On the remote DB I have no access, except
> limited user.
>
> How to avoid putting passwords in shell scripts?
>
> The solution doesn't need to be perfect, only better than plain text
> passwords in scripts.
> Mostly remote host only support password authentication (no
> certificates and so on).

I'm a little unclear on exactly what you're asking. Do you want the job to run in the crontab of the remote (Oracle DB) host, or in the crontab of your own (local) machine?

Also, how are you accessing the Oracle DB? Are you running a DB client on your local machine and connecting to the DB over the network? Or are you logging into the remote host (with SSH, telnet, etc.) and then opening a local DB connection?

-Ryan
John R Pierce
2009-Dec-01 22:01 UTC
[CentOS] best practises for avoiding to write passwords in shell scripts (example sqlplus from Oracle)
Sven Aluoor wrote:
> Hi folks
>
> I have here a CentOS box where I need to setup cronjob (with session
> to remote Oracle instance). On the remote DB I have no access, except
> limited user.
>
> How to avoid putting passwords in shell scripts?
>
> The solution doesn't need to be perfect, only better than plain text
> passwords in scripts.
> Mostly remote host only support password authentication (no
> certificates and so on).
>

postgresql supports a .pgpasswd file in the user's home directory that's permission 600, so only the owner can access it. Maybe Oracle has something similar?
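The owner-only (mode 600) password file suggested above, applied to a sqlplus cron job, as an added example that is not code from any poster in this thread. The one-line `user/password@tns_alias` file layout, the function names and the paths in the comments are assumptions of this example.

```shell
#!/bin/sh
# Added example. Assumed file layout: one line, "user/password@tns_alias".

# Succeed only if $1 is a regular file (not a symlink), owned by the
# current user, with no group/other permission bits set.
cred_file_ok() {
    f=$1
    if [ ! -f "$f" ] || [ -L "$f" ]; then
        echo "credential file missing or a symlink: $f" >&2; return 1
    fi
    [ -O "$f" ] || { echo "credential file not owned by caller: $f" >&2; return 1; }
    mode=$(stat -c %a "$f") || return 1   # GNU stat, as on CentOS
    case $mode in
        [0-7]00) return 0 ;;              # e.g. 600 or 400
        *) echo "mode $mode is too open, want 600: $f" >&2; return 1 ;;
    esac
}

# Print the connect string (first line of the file, CR stripped).
read_cred() {
    cred_file_ok "$1" || return 1
    cred=$(head -n 1 "$1" | tr -d '\r')
    [ -n "$cred" ] || { echo "credential file is empty: $1" >&2; return 1; }
    printf '%s\n' "$cred"
}

# Run SQL script $2 using the credentials in file $1.
# /nolog starts sqlplus unconnected and CONNECT arrives on stdin, so the
# password is never an argument visible in `ps` output.
run_sql() {
    cred=$(read_cred "$1") || return 1
    sqlplus -s /nolog <<EOF
whenever sqlerror exit failure
connect $cred
@$2
exit
EOF
}

# From cron (hypothetical paths):
#   run_sql "$HOME/.ora_cred" "$HOME/sql/nightly_report.sql"
```

Create the credential file with `umask 077` in effect so it is never briefly readable by other users.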
nate
2009-Dec-01 23:03 UTC
[CentOS] best practises for avoiding to write passwords in shell scripts (example sqlplus from Oracle)
Sven Aluoor wrote:
> Hi folks
>
> I have here a CentOS box where I need to setup cronjob (with session
> to remote Oracle instance). On the remote DB I have no access, except
> limited user.

With sqlplus and oracle I pretty much always ran scripts as sysdba

from one of my scripts that fires up Oracle ASM:

    # Set variables for ASM sid (first)
    su $ORACLE_USERNAME -c "echo 'startup' | sqlplus / as sysdba" | tee $ASM_STARTUP_LOG

another example -

    su $ORACLE_USERNAME -c "sqlplus / as sysdba @/home/oracle/sql/snapshot-restore/restore-from-prod-oracle-change-passwords.sql" | tee -a $FINAL_SQL_LOG

If I needed to login as a specific user to oracle I would login as sysdba and run

    alter session set current_schema=OTHER_USER_NAME;

to change the user name after login. So no passwords needed.

For servers, everything automated relies on ssh key based auth.

I'm no Oracle expert by any means!

nate