Date: 2014-05-16
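Recently, the historical query database in our production environment has been shared by several vendors, and GoldenGate replication is often inexplicably stopped and restarted by other vendors, which the front-end applications notice immediately. That puts a lot of pressure on us operations staff. This weekend I took a good look at the official Oracle GoldenGate documentation and studied how to use GoldenGate's security configuration to control users' permission to run GoldenGate ggsci commands. Today I'm posting the most urgent piece first, CMDSEC; in the near future I'll explore GoldenGate's various security configurations as a series.
1. Configuring the GoldenGate administrative user at the OS level
What the official GoldenGate documentation says about installation and administrative-user privileges
"Oracle® GoldenGate Oracle Installation and Setup Guide Release 11.2.1"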
1.2.5 Operating system privileges
The following are the privileges in the operating system that are required to install
Oracle GoldenGate and to run the processes.
■ To install on Windows, the person who installs Oracle GoldenGate must log in as
Administrator.
■ To install on UNIX, the person who installs Oracle GoldenGate must have read
and write privileges on the Oracle GoldenGate installation directory.
■ The Oracle GoldenGate Extract, Replicat, and Manager processes must operate as
an operating system user that has privileges to read, write, and delete files and
subdirectories in the Oracle GoldenGate directory. In addition, the Manager
process requires privileges to control the other Oracle GoldenGate processes.
■ (Classic capture mode) In classic capture mode, the Extract process reads the redo
logs directly and must operate as an operating system user that has read access to
the log files, both online and archived. On UNIX systems, that user must be a
member of the group that owns the Oracle instance. If you install the Manager
process as a Windows service during the installation steps in this documentation,
you must install as Administrator for the correct permissions to be assigned. If you
cannot install Manager as a service, assign read access to the Extract process
manually, and then always run Manager and Extract as Administrator.
■ Dedicate the Extract, Replicat, and Manager operating system users to Oracle
GoldenGate. Sensitive information might be available to anyone who runs an
Oracle GoldenGate process, depending on how database authentication is
configured.
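On Unix
The OGG administrative user must have read and write privileges on /home/oracle/ggs
To manage the extract, pump and mgr processes, the OGG administrative user must have read and write privileges on /home/oracle/ggs and its subdirectories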
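
The requirements above can be checked mechanically. The following is an added example, not part of the original post or of Oracle's tooling: a POSIX shell audit of a GoldenGate home against those requirements. It assumes the dedicated OGG user owns the whole tree; the function names and finding labels are hypothetical, and the world-writable check is an added hardening check in the spirit of the "dedicate the users" recommendation.

```shell
#!/bin/sh
# Audit a GoldenGate home against the OS privilege requirements quoted above.
# Assumption (not from the post): the dedicated OGG OS user owns the tree.
# Function names and finding labels are hypothetical.

# ogg_audit HOME UID
# Prints one finding per line: "<LABEL> <path>". Symlinks are skipped
# because their own mode bits are not meaningful.
ogg_audit() {
    home=$1
    uid=$2
    # Entries owned by someone other than the dedicated OGG user.
    find "$home" ! -type l ! -user "$uid" -print | sed 's/^/NOT-OWNED /'
    # Entries the owner cannot both read and write.
    find "$home" ! -type l ! -perm -600 -print | sed 's/^/OWNER-NO-RW /'
    # Directories the owner cannot list, modify and traverse,
    # which blocks creating and deleting files and subdirectories.
    find "$home" -type d ! -perm -700 -print | sed 's/^/DIR-NO-RWX /'
    # Entries any local account can modify (added hardening check).
    find "$home" ! -type l -perm -002 -print | sed 's/^/WORLD-WRITABLE /'
}

# ogg_audit_count HOME UID
# Prints the number of findings; 0 means the tree meets the checks.
ogg_audit_count() {
    ogg_audit "$1" "$2" | wc -l | tr -d ' '
}

# Stand-alone use: sh ogg_audit.sh /home/oracle/ggs [uid]
if [ "$#" -ge 1 ]; then
    ogg_audit "$1" "${2:-$(id -u)}"
fi
```

Run it as the OGG user (or pass that user's numeric UID as the second argument); an empty result means every entry is owned by that user, readable and writable by it, and not writable by other accounts.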