Use ttIsql with Restrict Mode
When you invoke ttIsql (or ttIsqlCS) with
the -restrict option, the commands listed in the table below are blocked
and displays an error if you attempt to run them.
| Command | Reason to Block | Error Message |
|---|---|---|
cachesqlget |
Overwrites critical files. | cachesqlget commands are restricted. |
connect |
Allow one connection. Otherwise, you can connect as the instance admin to any database managed by that instance. | Restricted: A connection was already established in restrict mode. |
edit |
Overwrites critical files. Many editors allow to run host commands. | Edit commands are restricted. |
host |
Spawns a shell or run operating system command. | Host commands are restricted. |
putenv |
Manipulates PATH,
LD_LIBRARY_PATH, TIMESTEN_HOME and
other critical environment variables.
|
PutEnv commands are restricted. |
savehistory |
Overwrites critical files. | SaveHistory commands are restricted. |
|
|
If enabled and ttIsql crashes, the
operating system runs the ptrace command on the
PATH, which may pose a security risk.
|
'Set signalbehavior waitfordebugger' commands are restricted. |
spool |
Overwrites critical files. | Spool commands are restricted. |
ttIsql utility is invoked with
-restrict option, this utility blocks certain
ttIsql commands to enhance security. The following example
shows the error messages that appears when a user tries to run these restricted
commands:$ ttIsql -restrict
Copyright (c) 1996, 2025, Oracle and/or its affiliates. All rights reserved.
Type ? or "help" for help, type "exit" to quit ttIsql.
Command> spool $TIMESTEN_HOME/conf/timesten.conf;
Spool commands are restricted.
Command> savehistory -f $TIMESTEN_HOME/conf/timesten.conf ;
SaveHistory commands are restricted.
Command> cachesqlget scott.mycachegroup install $TIMESTEN_HOME/conf/timesten.conf;
cachesqlget commands are restricted.
Command> putenv TIMESTEN_HOME /tmp/i2;
PutEnv commands are restricted.Restricting the
connect command in ttIsql
When ttIsql runs in restrict mode (using the
-restrict option), it enforces strict control on database
connections to improve security. This initial connection must be made either by
specifying a connect string or DSN as a command-line option or by
running the connect command within ttIsql.
ttIsql session.
Command> connect database1;
Connection successful:
DSN=database1;DataStore=/disk1/databases/database1;DatabaseCharacterSet=AL32UTF8;ConnectionCharacterSet=AL32UTF8;PermSize=128;(Default setting AutoCommit=1) ttIsql
shows the following error:
Command> connect database2;
Restricted: A connection was already established in restrict mode.
The command failed.Even if the initial connection is closed, if you attempt to establish
another connection within the same session, it fails. To open a new connection, you
must start a new ttIsql session. With restrict mode, you can now
control which database the user is allowed to connect by specifying the connect
string in the /etc/sudoers file.
The reason for this restriction is that there could be multiple databases
managed by the same TimesTen instance. In restrict mode, administrators can ensure
that the user can only connect to a designated database instance. To accomplish
this, add the connect string in the /etc/sudoers file:
scott ALL=(ttadmin) NOPASSWD: /TimesTen/instance1/bin/ttIsql -restrict -connstr DSN=database1 *This example demonstrates how the ttadmin user gives the
scott user permission to specify the same connect string. By
restricting ttIsql to have only one connection, the user
scott can only connect to the database
(database1) mentioned in the /etc/sudoers
configuration file.
Since additional connections are blocked in restrict mode, the user cannot change databases or modify connection attributes during the session.