I am DBA of a Sybase ASE database server on Linux, with a database that I need to backup every night. The idea is to write a cronjob and run it from user "sybase". But this means I will have a script like this:
isql -Usa -Ppassword_of_sa -SMYSERVER -DMYDATABASE -i/home/sybase/backup.sh
This means I will have the password of sa in clear text inside a script in /home/sybase; in other words, whoever can login in the sybase account can read the sa password. Should I accept this, or is there a safer way? Side question: can I change the password of user sybase? Can there be issues if I do?
No, you should not accept this. One option is to create a new user, and assign the 'oper' role to that user. The 'oper' role allows the user to dump and load databases, as well as transaction logs.
Another option is to use a shell script along with redirects to shield the password from the process list. That would look something like this:
#/bin/sh
#Set Your Sybase ENV
. $SYBASE/$SYBASE.sh
SAPASSWD=password_of_sa
#Put your .sql code after the password, and before the second ENDSQL
isql -Usa -SMYDATABASE << ENDSQL
${SAPASSWD}
dump database MY_DATABASE to dump....
go
ENDSQL
For your second question, you can absolutley change the 'sa' password, and as long as you don't have any hard coded references to it in other places.
On a side note, I would rename your backup file to backup.sql. Using .sh implies that it's a shell script, and could cause confustion.