Oracle Terminal

DBAs sometimes need to be logged into the UNIX machine the database is running on. Unfortunately, this is not always a simple thing to accomplish. The two most common reasons are that either you forgot the password to the Oracle account, or you just don’t have it due to separation of duties. In either case, you sometimes need to get in quickly without waiting for a UNIX administrator to respond to a ticket.

Luckily, this is not a complex thing to achieve if you know how :)

The idea is pretty simple – create a Java package that will open an xterm on your desktop. You will need to have an X Window server running on your desktop. Unix/Linux come with X built in, and Microsoft Windows has plenty of free X servers (like Xming).

This SQL code creates a Java package called JTERM that will run the xterm command against the specified display. Make sure you put the correct path for xterm in the cmd[] string below:

create or replace and resolve java source named "jterm" as
import java.lang.*;
import java.io.*;
public class JTerm
{
    public static void jterm(String disp)
    {
        String cmd[] = {"/usr/bin/xterm", "-display", disp};
        try {
            Process p = Runtime.getRuntime().exec(cmd);
        } catch(Throwable e) { }
    }
};
/

create or replace procedure JTERM (display varchar2) as language java
name 'JTerm.jterm(java.lang.String)';
/

In order to run this Java package, you will need a few more privileges than the regular DBA privileges. To obtain those, run this code after changing MYUSER to be your Oracle account name:

declare
  p dbms_jvm_exp_perms.temp_java_policy;
  cursor c is select 'GRANT', 'MYUSER', 'SYS', 'java.io.FilePermission',
                     '<<ALL FILES>>', 'execute', 'ENABLED' from dual;
begin
  open c;
  fetch c bulk collect into p;
  close c;
  dbms_jvm_exp_perms.import_jvm_perms(p);
end;
/

Now all you need to do is use the JTERM package to open an xterm terminal to your display. Make sure your X server accepts remote connections (e.g. xhost +), and run the package (change mymachine to be your desktop’s machine name or IP address):

exec jterm('mymachine:0')

One of the nice little benefits of this trick is that since there was no actual login to the Unix machine, there is no log of this activity in any of the Unix or Oracle logs. If you think this is a security risk and wish to monitor it, you will have to use a product like Core Audit.
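
For a review of a database, the Java source, the call spec and the policy grant created above are all stored in the data dictionary. The queries below are an added example, not part of the original post; they assume read access to the DBA_ views, query 4 assumes Oracle 12c or later (the ORACLE_MAINTAINED column), and the text patterns are illustrative rather than exhaustive.

```sql
-- Added example: dictionary checks for the objects this post creates.
-- Compare the results against a known-good baseline for your installation.

-- 1. Java policy grants that allow executing OS files.
--    The post grants java.io.FilePermission on '<<ALL FILES>>' with 'execute'.
select grantee, kind, type_schema, type_name, name, action, enabled, seq
  from dba_java_policy
 where kind = 'GRANT'
   and type_name = 'java.io.FilePermission'
   and lower(action) like '%execute%'
 order by grantee, seq;

-- 2. Java source stored in the database that starts OS processes.
--    Matches the Runtime.getRuntime().exec(cmd) call used in JTerm,
--    plus ProcessBuilder as the other standard way to spawn a process.
select owner, name, line, text
  from dba_source
 where type = 'JAVA SOURCE'
   and (text like '%Runtime%exec%' or text like '%ProcessBuilder%')
 order by owner, name, line;

-- 3. PL/SQL call specs that publish a Java method, like procedure JTERM.
--    Limitation: DBA_SOURCE is line-based, so a spec that splits
--    "language" and "java" across two lines is not matched.
select owner, name, type, line, text
  from dba_source
 where type in ('PROCEDURE', 'FUNCTION', 'PACKAGE', 'PACKAGE BODY')
   and regexp_like(text, 'language\s+java', 'i')
 order by owner, name, line;

-- 4. Java objects in schemas that Oracle does not maintain, newest first.
--    Assumes 12c or later for the ORACLE_MAINTAINED column.
select o.owner, o.object_name, o.object_type, o.created, o.last_ddl_time
  from dba_objects o
  join dba_users u on u.username = o.owner
 where o.object_type in ('JAVA SOURCE', 'JAVA CLASS')
   and u.oracle_maintained = 'N'
 order by o.last_ddl_time desc;
```

A row in query 1 for an ordinary account, together with a matching source in query 2 and a call spec in query 3, is the combination this post sets up.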
