On 11/22/10 10:34 PM, Kill Script wrote:
On Mon, Nov 22, 2010 at 8:03 PM, John R Pierce <pierce@hogranch.com mailto:pierce@hogranch.com> wrote:
su-$ORA_OWNER -c $ORA_HOME/bin/dbstart should be su - $ORA_OWNER -c $ORA_HOME/bin/dbstart
So, for a Java program, would you suggest creating a different user, giving that user just enough privileges, and then running the script so that it exited if the wrong user tried to use it?
(Just trying to think what's the best long term solution for something like this)
Yes, especially if it runs a network protocol with the possibility of remote exploits. It is an easy way to limit the damage if anything goes wrong. But, the init scripts start as root so they need to su to the right user before starting the app.