Which has the higher priority in your organization: Deploying a new database or securing the ones you already have?
Looking for a website, and resources, dedicated solely to securing Oracle databases? Check out DBSecWorx.
Be sure to view the full listing of monographs in Morgan's Library
Purpose
This is one of the most important new Oracle 18c features and is a game changer with respect to how database software is installed and it is something that was needed for decades.
Piet de Visser raised this to Oracle a long time ago, and we were talking about that recently when discussing this new excitement to deploy software in Docker containers.
Docker containers are by definition immutable images. You need a Read Only Oracle Home, all the immutable files (configuration, logs, database) being in an external volume. Then, to upgrade the software, you just open this volume with an image of the new database version.
As of Oracle 21c, the default installation. is ROOH.
General
Help
C:\u01\oracle\product\dbhome_1\bin>roohctl -help
Usage: roohctl [<flag>] [<command> <option>]
Following are the possible flags:
-help
Following are the possible commands:
-enable Enable Read-only Oracle Home
[-nodeList List of nodes in a cluster environment]
Note that:
-disable Disable Read-only Oracle Home is no longer in the Help and that
the phrase "cluster environment" is a reference to RAC.
Enable
C:\u01\oracle\product\dbhome_1\bin>roohctl -enable
Enabling Read-Only Oracle home.
Update Windows registry to enable Read-Only Oracle home.
Update read only home attribute in the Windows registry.
Update the Windows registry.
Enable Read-Only Oracle home.
Check the log file C:\u01\app\orabase\cfgtoollogs\roohctl\roohctl-211221PM020213.log.
-- the file naming convention is: <year><month><day><AM|PM><hour><minute><second>
Disable: Present and working in versions prior to 21c. It may still be in 21c but in the current test environment that has not been checked.