Path: utzoo!attcan!uunet!pilchuck!nwnexus!nvosd
From: nvosd@nwnexus.WA.COM (UW West )
Newsgroups: comp.databases
Subject: Re: Oracle OPS$ account and unix set-uid programs ??'s
Message-ID: <390@nwnexus.WA.COM>
Date: 26 Sep 90 20:14:28 GMT
References: <9746@arctic.nprdc.arpa>
Reply-To: nvosd@nwnexus.UUCP (U S WEST NewVector Clay Jackson)
Organization: U S WEST NewVector Group
Lines: 12


Basically, what Oracle does (as far as we can tell) is a getpwent for
the REAL user id (not the effective userid) and then looks in /etc/passwd
on the SERVER machine to see if you're who you say you are.

So, setuid programs don't work.  In addition, this means that if you
are running client-server, you MUST have password file entries on
BOThH the server AND the client.

I can see WHY they did it, but there's gotta be a better way....

Clay Jackson