Salesforce

How to disallow a database from being shutdown remotely?

Printable View
« Go Back

Information

 
TitleHow to disallow a database from being shutdown remotely?
URL NameP94213
Article Number000145851
EnvironmentProduct: Progress
Version: 9.1E01 and later
Product: OpenEdge
Version: 10.0B02, 10.1x, 11.x
OS: All supported platforms
Question/Problem Description
How to disallow a database from being shutdown remotely?
What is the normtshutdown parameter used for?
How to prevent a remote user from shutting down the database ?
Steps to Reproduce
Clarifying Information
Startup parameter to disallow remote database shutdown requests.
Error MessageShutdown request denied because you are an invalid user, remote shutdown is not allowed, or the database is enabled for Failover Clusters, (12566)
Shutdown request denied; you do not have the correct user ID. (547)
Defect NumberEnhancement OE00109196
Enhancement Number
Cause
Resolution
The ability to shut a Progress database down remotely has been in our Product since Progress Version 7. Prior to Progress Service Pack 9.1E01 it is not possible to prevent a remote user from shutting down a Progress database. If the port is open (the database has been started with -S parameter), then if a user with permissions to shutdown a Progress OpenEdge database has access to the remote machine and is "smart enough" to know the port and hostname that the database is started under, they will be able to shut the database down remotely. In essence, if a user has access and knows what to do, they can.
 
$   proshut -db dbname -H hostname -S port [-Mm] -by

Progress Service Pack 9.1E01 introduces a new startup parameter that flags the database broker to disallow remote database shutdown requests.

The database startup parameter is: no remote shutdown (-normtshutdown). Database startup scripts that do not include this parameter will continue to function as originally intended.

Example:

The database is started restricting remote shutdown:
$   proserve dbname -S <portnumber> [-Mm <value>] -normtshutdown

A remote shutdown request is denied:

$   proshut dbname -H <hostname> -S <portnumber> [-Mm <value>] -by
Shutdown request denied because you are an invalid user, remote shutdown is not allowed, or the database is enabled for Failover Clusters, (12566)

If a remote shutdown request is made from an earlier Progress version,  the shutdown request is denied but a different error message is displayed:
Shutdown request denied; you do not have the correct user ID. (547)

For further information refer to Article  How to shut down a database remotely   

These changes do not disallow remote shutdown by the AdminServer, that is, using a local AdminServer with Progress Explorer or OpenEdge Explorer running remotely or issuing DBMAN from a remote command-line session.

The code used to disallow remote shutdowns when the argument is specified, is also used to disallow remote shutdowns for cluster-enabled databases at all times.  Refer to Article Unable to remotely shutdown or disconnect users from cluster-enabled database - error 12566    
Workaround
Notes
Keyword Phrase
Last Modified Date11/20/2020 7:14 AM
Powered by