Which has the higher priority in your organization: Deploying a new database or securing the ones you already have?
Looking for a website, and resources, dedicated solely to securing Oracle databases? Check out DBSecWorx.
Be sure to view the full listing of monographs in Morgan's Library
Purpose
This is one of the most important new Oracle 18c features and is a game changer with respect to how database software is installed and it is something that was needed for decades.
Piet de Visser raised this to Oracle a long time ago, and we were talking about that recently when discussing this new excitement to deploy software in Docker containers.
Docker containers are by definition immutable images. You need a Read Only Oracle Home, all the immutable files (configuration, logs, database) being in an external volume. Then, to upgrade the software, you just open this volume with an image of the new database version.
C:\app2\oracle\product\12.2.0\dbhome_1\bin>roohctl
-disable
Disabling Read-Only Oracle home.
Update Windows registry to disable Read-Only Oracle home.
Failed to update read only home attribute in the Windows registry.
Failed to update the Windows registry.
Failed to disable Read-Only Oracle home.
Check the log file C:\app2\oracle\cfgtoollogs\roohctl\roohctl-180225AM093331.log.
Enable
C:\app2\oracle\product\12.2.0\dbhome_1\bin>roohctl
-enable
Enabling Read-Only Oracle home.
Update Windows registry to enable Read-Only Oracle home.
Failed to update read only home attribute in the Windows registry.
Failed to update the Windows registry.
Failed to enable Read-Only Oracle home.
Check the log file C:\app2\oracle\cfgtoollogs\roohctl\roohctl-180225AM093338.log.
Help
C:\app2\oracle\product\12.2.0\dbhome_1\bin>roohctl
-help
Usage: roohctl [<flag>] [<command> <option>]
Following are the possible flags:
-help
Following are the possible commands:
-enable Enable Read-only Oracle Home
-disable Disable Read-only Oracle Home
