bypass password prompt in shell

This blog will help you in bypassing or ignoring the password prompt in shell along with a sample script to test direct login to remote servers without any interruption due to password prompt

Using ssh –o & trap signals it is possible to skip password prompt & move ahead in the script

Although remote server direct login is enabled using public key sometimes it does not work either due to password policy expiring the password or server un-reachability. In both situation password will be prompted like below

$ssh oracrmdevlab hostname

oralab@oracrmdevlab's password:

Script:

Sample script has been written to provide report of the failure direct remote login from jump server for a particular osuser.

#!/bin/sh

set -x

BASE="/export/home/oralab/direct_login"

SCP_USER=`who -m | awk '{ print $1}'`

DT=`date '+%b_%d_%Y_%HH_%MM'`

DAT=`date '+%b_%Y'`

MAIL="oralab@xyz.com"

TODAY=`/bin/date +%d | cut -d"0" -f2` ; export TODAY

> $BASE/direct_login_check.log

> $BASE/direct_login_check_failed.log

> $BASE/direct_login_check_success.log

password reset in shell script using passwd

Resetting Password is a tedious job of the sys admin’s or DBA’s while managing over 100’s of servers.

Automatic password reset could make your job easier , What if your OS password gets reset automatically before expiry & reaches to your mailbox ? yes this is what came in my mind before I started hunting for the

Question How to reset password using passwd command in shell script?

While executing passwd command it takes three input i.e. Old password , New Password , New Password (confirmation)

It would have been difficult to pass these inputs to passwd prompts whithin shell without “expect” command

read –p command asks value by prompting for manual input but expect prompts as well as accepts input values in one go

expect can be configured to send the requested input value to desired command

expect is present in Linux by default but need to install it in rest of the Unix environment 

Script: expect.sh

#!/usr/bin/expect

set pwd [lindex $argv 0]

set pwd1 [lindex $argv 1]

set pwd2 [lindex $argv 2]

spawn /usr/bin/passwd

sleep 5

expect "UNIX password:"

sleep 5

send "$pwd\r"

sleep 5

expect "New password:"

sleep 5

send "$pwd1\r"

sleep 5

expect "Retype new password:"

sleep 5

send "$pwd2\r"

sleep 5

expect eof exit

Oracle 10g RAC Upgrade Lessons

Blog highlights basic steps to upgrade oracle 10g RAC db from 10.2.0.4 to 10.2.0.5 along with obstacles faced & Solution. 

 Systems:

Racdb1/Racdb2 ~ Sun OS 5.10 ~ Oracle 10204 ~ ASM ~ Primary

Racdbdr1/Racdbdr2 ~ Sun OS 5.10 ~ Oracle 10204 ~ ASM ~ Standby

 Activity: To Apply 10.2.0.5 Patch (8202632) + CRS PSU Jan 2011 (9952245) + RDBMS PSU JUL 2011 (12419392) to existing 10.2.0.4 oracle & cluster binaries

 Activity Sequence:

Upgrading 10g RAC from 10204 to 10205 involves below basic steps which needs to be performed on both primary & DR setups sequentially

  1.       Per-activity checks

ORACLE_HOME/ORA_CRS_HOME/oraInventory/OCR backup

Invalid Object/Index, backup status, datafile file status

Opatch version verification, current patchset

  2.       Differing archive sync

Racdb1/Racdb2 primary archive deferred with standby Racdbdr1/Racdbdr2

Oracle LOGON trigger not working

Issue: Oracle Logon trigger based on schema or database level working only from sys & not working from any other schema

Trigger Code:

create or replace trigger restrictuser

  after LOGON ON ADMIN.SCHEMA

BEGIN

  if (sys_context('USERENV', 'SESSION_USER') = 'ADMIN' and

     sys_context('USERENV', 'OS_USER') = 'oracle9i') then

    RAISE_APPLICATION_ERROR(-20001, 'Sorry, you are not allowed here!');

  END if;

END;

Requirement:

Trigger should be created in non-sys schema to restrict OS_USER oracle9i from logging into DB user ADMIN

Archivelog Mode

Enabling database archive log mode has following benefits :

- Online database backup can be taken using RMAN or user managed backup method (hotbackup/copy) - Archive log files can be mined using LOGMINOR utility to track past changes which has caused damaged to database objects like mistakenly executed delete , update , insert operations or package/procedure/function alteration. LOGMINOR provides equivalent undo statement to roll back the DML operations & session info to identify the performer of such destructive activity 

- Archive log along with redo log enables database cloning & helps Recovery operations 

- Archive log are mandatory in replication environments like logical/physical standby 

Steps to enable Database Archivelog Mode:

Oracle database archivelog can be enabled in simple 3 steps as below …

Step1: Set archivelog re-requisite init parameters Online

log_archive_dest allows to specify the os file system destination for archive log file storage

 alter system set log_archive_dest_1='LOCATION=/archive/ATS';

 show parameter log_archive_dest_1