Medium: oracle: Create profile for OCFMON user (bnc#850589) #367

Closed

@krig
Contributor

krig commented Dec 18, 2013

Rewritten patch for the oracle RA. Having the resource agent create a monitoring user automatically turned out to be very problematic. That user is created outside the control of the database administrator, and will possibly have security limitations that break the RA in unexpected ways.

This patch replaces the automatic user creation with a required parameter "monuser", which must be set to a user manually created by the administrator.

Remove the automatic creation of a monitoring user.
Require it to be created by the database administrator
and supplied as the monuser parameter.

The monpassword parameter is optional and defaults to
the same value as monuser.
@krig
Contributor Author

krig commented Feb 26, 2014

Updated with rewritten patch.

@davidvossel
Contributor

Is there no way to keep the previous logic as well, so this option doesn't have to be required? Are there any circumstances where having the monitor user automatically created and turned on will work fine?

@krig
Contributor Author

krig commented Feb 27, 2014

There are, but there is no way (that I can see) that the RA can know if it is OK and will work, and if not, things will fail unpredictably. For example, if the password expiry time is set to 180 days, it's very possible that the RA won't fail until after that 180 day period.

@davidvossel
Contributor

Is it not possible to detect if a user has an expiry time interval set? If the monitor user isn't set to expire, it seems like it would be safe.

@krig
Contributor Author

krig commented Feb 27, 2014

The expiry time is not a user setting, but a profile setting. I had a previous patch where I also created a special profile for the monitoring user to set a different expiry time, but that led to other issues. Another policy I've encountered which causes problems in this case is limits on passwords, like length, content etc. The password set by the automatic creation may fall foul of these policies, and they differ between installations.

@dmuhamedagic
Contributor

One other possibility is to have the monitor try to use the sysdba user in case the monitor user cannot log in. Though that would again start creating thousands of files. Anyway, I'd say that we go with the proposed option, as that seems to be the only way to at least try to make the administrator aware of the fact that this user should get dysfunctional under any circumstances.

@dmuhamedagic
Contributor

There's also an upgrade problem with the new option being required. On next upgrade, the oracle RA will return ERR_CONFIG, unless the option was defined. We need to take that into consideration too.

@dmuhamedagic
Contributor

This has been merged as pull request #439.
