Database Reference
In-Depth Information
Contents of the file externaljob.ora are reproduced here:
# This configuration file is used by dbms_scheduler when executing external
# (operating system) jobs. It contains the user and group to run external
# jobs as. It must only be writable by the owner and must be owned by root.
# If extjob is not setuid then the only allowable run_user
# is the user Oracle runs as and the only allowable run_group is the group
# Oracle runs as.
run_user = nobody
run_group = nobody
The correct permissions for extjob are setuid root:
$ ls -l $ORACLE_HOME/bin/extjob
-rwsr-x--- 1 root oinstall 64920 Jul 21 17:04 /opt/oracle/product/db10.2/bin/extjob
Setuid permission is required to allow the program extjob to change its effective user ID to that of the user nobody by calling the C library function seteuid. The effective group ID is set by a call to setegid. Since both the effective user ID and the effective group ID are changed to nobody before execve is used to run the external program, only the permissions of user and group nobody are available to external jobs not owned by SYS. This mechanism must be in place to prevent external jobs from connecting as SYS, which would pose a serious security threat.
Metalink note 391820.1 suggests setting run_user=oracle and run_group=oinstall as part of resolving the errors “ORA-27369: job of type EXECUTABLE failed with exit code: Operation not permitted” and “ORA-27369: job of type EXECUTABLE failed with exit code: 274662”. From a security perspective, this is very problematic. Normally, the UNIX user oracle is a member of the OSDBA group (usually group dba) and may connect as SYS without supplying a password. By allowing users other than SYS to execute external jobs as a member of the OSDBA group, those users may connect as SYS from within their external jobs! Thus, any user who holds the privileges CREATE JOB and CREATE EXTERNAL JOB can connect as SYS! The correct solution would have been
to create and run the job as SYS. Jobs owned and run by SYS are always executed as the ORACLE software owner. The program $ORACLE_HOME/bin/extjobo, which runs these jobs, does not use the configuration file externaljob.ora. Setuid permission for extjobo is not required either, since this program does not alter the effective user or group identifiers.
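The launcher mechanism described above (a setuid-root program that reads run_user and run_group from a root-owned configuration file, switches identity, and only then calls execve) is reproduced here as an added example in C. It is not Oracle's extjob source, and nothing in it is taken from the product: the configuration path /etc/externaljob.ora, the 100-character line limit (chosen to mirror the line-length failure the Windows section below reports), the error codes and the function names are all assumptions made for the example. Two deliberate choices that go beyond the text: the drop uses setgid/setuid rather than setegid/seteuid, so a job cannot undo it, and a run_user or run_group of root is refused outright.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

#define EXTJOB_CONFIG   "/etc/externaljob.ora" /* assumed path, not Oracle's */
#define EXTJOB_MAX_LINE 100                    /* longer lines are rejected */
#define EXTJOB_NAME_MAX 32

struct extjob_cfg { char run_user[EXTJOB_NAME_MAX]; char run_group[EXTJOB_NAME_MAX]; };

enum { EXTJOB_OK = 0, EXTJOB_ERR_LINE_TOO_LONG, EXTJOB_ERR_MISSING_USER,
       EXTJOB_ERR_MISSING_GROUP, EXTJOB_ERR_BAD_OWNER, EXTJOB_ERR_BAD_MODE };

/* Strip surrounding blanks and line terminators in place. */
static char *trim(char *s)
{
    while (*s == ' ' || *s == '\t')
        s++;
    size_t n = strlen(s);
    while (n > 0 && strchr(" \t\r\n", s[n - 1]))
        s[--n] = '\0';
    return s;
}

/* Parse "key = value" lines from an in-memory copy of externaljob.ora.
 * '#' starts a comment; unknown keys are ignored; over-long lines fail. */
int extjob_parse(const char *text, struct extjob_cfg *cfg)
{
    char line[EXTJOB_MAX_LINE + 1];
    cfg->run_user[0] = cfg->run_group[0] = '\0';
    while (*text) {
        const char *nl = strchr(text, '\n');
        size_t len = nl ? (size_t)(nl - text) : strlen(text);
        if (len > EXTJOB_MAX_LINE)
            return EXTJOB_ERR_LINE_TOO_LONG;
        memcpy(line, text, len);
        line[len] = '\0';
        text = nl ? nl + 1 : text + len;
        char *hash = strchr(line, '#');
        if (hash)
            *hash = '\0';
        char *body = trim(line), *eq = strchr(body, '=');
        if (*body == '\0' || !eq)
            continue;
        *eq = '\0';
        const char *key = trim(body), *val = trim(eq + 1);
        if (strcmp(key, "run_user") == 0)
            snprintf(cfg->run_user, sizeof cfg->run_user, "%s", val);
        else if (strcmp(key, "run_group") == 0)
            snprintf(cfg->run_group, sizeof cfg->run_group, "%s", val);
    }
    if (cfg->run_user[0] == '\0')  return EXTJOB_ERR_MISSING_USER;
    if (cfg->run_group[0] == '\0') return EXTJOB_ERR_MISSING_GROUP;
    return EXTJOB_OK;
}

/* The configuration file must be a regular file owned by root and
 * writable only by its owner, as its own header comment demands. */
int extjob_check_stat(const struct stat *st)
{
    if (!S_ISREG(st->st_mode) || st->st_uid != 0)
        return EXTJOB_ERR_BAD_OWNER;
    if (st->st_mode & (S_IWGRP | S_IWOTH))
        return EXTJOB_ERR_BAD_MODE;
    return EXTJOB_OK;
}

/* Drop from root to run_user/run_group permanently: supplementary groups,
 * then gid, then uid (once uid is non-zero, setgid() would fail). */
int extjob_drop_privileges(const struct extjob_cfg *cfg)
{
    struct passwd *pw = getpwnam(cfg->run_user);
    struct group *gr = getgrnam(cfg->run_group);
    if (!pw || !gr || pw->pw_uid == 0 || gr->gr_gid == 0)
        return -1;            /* unknown name, or an attempt to run jobs as root */
    if (setgroups(0, NULL) != 0 || setgid(gr->gr_gid) != 0 || setuid(pw->pw_uid) != 0)
        return -1;
    return setuid(0) == 0 ? -1 : 0;   /* if root can be regained, refuse to run */
}

int main(int argc, char **argv)
{
    struct extjob_cfg cfg; struct stat st; char buf[4096];
    if (argc < 2) { fprintf(stderr, "usage: %s program [args...]\n", argv[0]); return 2; }
    int fd = open(EXTJOB_CONFIG, O_RDONLY);
    if (fd < 0 || fstat(fd, &st) != 0) { perror(EXTJOB_CONFIG); return 1; }
    if (extjob_check_stat(&st) != EXTJOB_OK) {
        fprintf(stderr, "%s: must be root-owned and not group/world writable\n", EXTJOB_CONFIG);
        return 1;
    }
    ssize_t n = read(fd, buf, sizeof buf - 1);
    close(fd);
    if (n < 0) { perror("read"); return 1; }
    buf[n] = '\0';
    if (extjob_parse(buf, &cfg) != EXTJOB_OK) {
        fprintf(stderr, "%s: invalid or missing run_user/run_group\n", EXTJOB_CONFIG);
        return 1;
    }
    if (extjob_drop_privileges(&cfg) != 0) {
        fprintf(stderr, "cannot switch to %s:%s\n", cfg.run_user, cfg.run_group);
        return 1;
    }
    execv(argv[1], argv + 1);   /* runs with the identity of run_user:run_group only */
    perror(argv[1]);
    return 127;
}
```

Installed the way the ls output above shows for extjob (owner root, group oinstall, mode 4750) and given a root-owned, mode 0640 configuration file, the launcher runs the named program with only the permissions of run_user and run_group; with the settings from Metalink note 391820.1 it would run jobs as oracle:oinstall, which is exactly the configuration the text warns against.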
External Jobs on Windows
The implementation of the database scheduler on Windows differs from the UNIX implementation in these three respects:
1. The error “ORA-27369: job of type EXECUTABLE failed with exit code: 274668 STANDARD_ERROR="Oracle Scheduler error: Invalid or missing run_group in configuration file."” may be raised in spite of a correct configuration due to a line in externaljob.ora that exceeds 100 characters.