[suse-oracle] sqlplus in a chroot jail?

From: Josh Trutwin (josh@trutwins.homeip.net)
Date: Wed Sep 10 2003 - 03:11:34 CEST 

Date: Tue, 9 Sep 2003 20:11:34 -0500
From: Josh Trutwin <josh@trutwins.homeip.net>
Message-Id: <20030909201134.0000398f.josh@trutwins.homeip.net>
Subject: [suse-oracle] sqlplus in a chroot jail?

Hi,

I'm trying to setup an ssh environment where my students in my database course can log in to my server and use sqlplus. (Some might not have access to the 250MB Oracle client app) I thought it best to setup a chroot jail to log into where the only thing they have access to is sqlplus and the ls command. :) Here was my initial stab at this:

created a bin, lib, usr/lib, dev, home directory in /opt/oracle/product

created dev/null, dev/zero

created a directory opt/oracle/product and linked each oracle product in this directory so that when the user logs into the jail, /opt/oracle/product/8i exists and ORACLE_HOME is set to this directory. Copied appropriate libs/cmd to use basic commands such as ls, cp, mv, etc. Copied libs listed from doing ldd sqlplus into the chroot lib directory. Copied /bin/tcsh to the chroot bin. (my preference)

When I execute chroot /opt/oracle/product /bin/tcsh as root, I get a shell prompt and I can execute ls, cp, mv, etc. I can also execute sqlplus as the chroot environment sees /opt/oracle/product/8i which is the ORACLE_HOME as setup in /etc/profile.d/oracle.csh. When I try to log into sqlplus though using the SYSTEM or SYS accounts I get the following error:

ERROR:
ORA-12560: TNS:protocol adapter error

A sqlnet.log is dumped to the /opt/oracle/product directory with the following contents:

***********************************************************************
Fatal NI connect error 12560, connecting to:
 (DESCRIPTION=(ADDRESS=(PROTOCOL=beq)(PROGRAM=/opt/oracle/product/8i/bin/oracle)(ARGV0=oraclemydb)(ARGS='(DESCRIPTION=(LOCAL=YES)(ADDRESS=(PROTOCOL=beq)))')(DETACH=NO))(CONNECT_DATA=(CID=(PROGRAM=)(HOST=langly)(USER=))))

  VERSION INFORMATION:
        TNS for Linux: Version 8.1.7.0.0 - Development
        Oracle Bequeath NT Protocol Adapter for Linux: Version 8.1.7.0.0 - Development
  Time: 10-SEP-2003 01:02:04
  Tracing not turned on.
  Tns error struct:
    nr err code: 0
    ns main err code: 12560
    TNS-12560: TNS:protocol adapter error
    ns secondary err code: 0
    nt main err code: 530
    TNS-00530: Protocol adapter error
    nt secondary err code: 9
    nt OS err code: 0

ARGV0=oraclemydb looks wrong as my SID is "mydb", not "oraclemydb". Any thoughts?

Thanks,

Josh

---------------------------------------------------------------------
To unsubscribe, e-mail: suse-oracle-unsubscribe@suse.com
For additional commands, e-mail: suse-oracle-help@suse.com
Please see http://www.suse.com/oracle/ before posting

This archive was generated by hypermail 2.1.7 : Wed Sep 10 2003 - 03:16:12 CEST