grid與oracle使用者下oracle程式許可權不一致導致ORA-15055/ORA-27123無法連線ASM問題

還不算暈發表於2016-01-09
OracleASM
11G RAC使用ASM,在從單例項恢復到RAC時遇到如下問題:
RMAN> restore controlfile from '/home/oracle/fulldb_SCTTEST_900418795_84';

Starting restore at 06-JAN-16
using target database control file instead of recovery catalog
allocated channel: ORA_DISK_1
channel ORA_DISK_1: SID=98 instance=scttest1 device type=DISK
channel ORA_DISK_1: restoring control file
RMAN-00571: ===========================================================
RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============
RMAN-00571: ===========================================================
RMAN-03002: failure of restore command at 01/06/2016 13:20:29
ORA-19870: error while restoring backup piece /home/oracle/fulldb_SCTTEST_900418795_84
ORA-19504: failed to create file "+DATA/scttest/controlfile/control01.ctl"
ORA-17502: ksfdcre:3 Failed to create file +DATA/scttest/controlfile/control01.ctl
ORA-15001: diskgroup "DATA" does not exist or is not mounted
ORA-15055: unable to connect to ASM instance
ORA-01034: ORACLE not available
ORA-27123: unable to attach to shared memory segment

排查:
1.ASM磁碟組已經正常掛載:
SQL> select name,state from v$asm_diskgroup;
NAME                           STATE
------------------------------ -----------
DGOCR                          MOUNTED
DATA                           MOUNTED
ARCH                           MOUNTED
2.資料庫alert日誌:
WARNING: failed to start ASMB (connection failed) state=0x1 sid='+ASM1' home='/u01/11.2.0/grid1'
ORA-15055: unable to connect to ASM instance
ORA-01034: ORACLE not available
ORA-27123: unable to attach to shared memory segment
Linux-x86_64 Error: 13: Permission denied
Additional information: 26
Additional information: 3637290
------------
3.跟蹤程式:
sqlplus / as sysdba
create spfile='+data' from pfile;
另一視窗進行跟蹤:
[oracle@lnx67 tmp]$ strace -Fo asm.trc -p 108742
Process 108742 attached - interrupt to quit
^CProcess 108742 detached
[oracle@lnx67 tmp]$ vi asm.trc
108742 wait4(108754, 0x7fffac810d88, 0, NULL) = -1 ECHILD (No child processes)
108742 --- SIGCHLD (Child exited) @ 0 (0) ---
108742 rt_sigaction(SIGINT, {0x7f22e5a0e410, ~[ILL ABRT BUS FPE KILL SEGV USR2 STOP XCPU XFSZ SYS RTMIN RT_1], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0x359600f710}, NULL, 8) = 0
108742 rt_sigaction(SIGQUIT, {0x7f22e6de7d14, [QUIT], SA_RESTORER|SA_RESTART, 0x359600f710}, NULL, 8) = 0
108742 write(1, "\n", 1)                = 1
108742 write(1, "SQL> ", 5)             = 5
108742 read(0, "l\n", 1024)             = 2
108742 write(1, "  1* create spfile='+data' from "..., 38) = 38
108742 write(1, "SQL> ", 5)             = 5
108742 read(0, "/\n", 1024)             = 2
108742 write(10, "\0019\0\0\6\0\0\0\0\0\21i\t\376\377\377\377\377\377\377\377\1\0\0\0\0\0\0\0\1\0\0"..., 313) = 313
108742 read(11, "\0\v\0\0\f\0\0\0\1\0\1\0\v\0\0\f\0\0\0\1\0\2", 8208) = 22
108742 write(10, "\0\v\0\0\f\0\0\0\1\0\2", 11) = 11
108742 read(11, "\1\216\0\0\6\0\0\0\0\0\4\5\0\0\0\7\0\1\0\0\0\0\343D\0\0\0\0\1\0\0\0"..., 8208) = 398
108742 write(1, "create spfile='+data' from pfile"..., 33) = 33
108742 write(1, "*\n", 2)               = 2
108742 write(1, "ERROR at line 1:\n", 17) = 17
108742 write(1, "ORA-17635: failure in obtaining "..., 65) = 65
108742 write(1, "ORA-01034: ORACLE not available\n", 32) = 32
108742 write(1, "ORA-27123: unable to attach to s"..., 53) = 53
108742 write(1, "Linux-x86_64 Error: 13: Permissi"..., 42) = 42
108742 write(1, "Additional information: 26\n", 27) = 27
108742 write(1, "Additional information: 2392106\n", 32) = 32
108742 write(1, "\n", 1)                = 1
108742 write(1, "\n", 1)                = 1
108742 write(1, "SQL> ", 5)             = 5
108742 read(0,  <unfinished ...>
####################################################
問題解決:
1.檢視ORACLE程式的許可權:
[oracle@lnx67 db_1]$ cd bin  
[oracle@lnx67 bin]$ ls -al oracle --ORACLE_HOME下的
-rwsr-s--x 1 oracle oinstall 239626665 Jan  6 10:59 oracle
[oracle@lnx67 bin]$ cd $GRID_HOME
[oracle@lnx67 grid1]$ cd bin
[oracle@lnx67 bin]$ ls -al oracle   ---GRID_HOME下的
-rwxr-x--x 1 grid oinstall 209914471 Jan  6 10:33 oracle
[oracle@lnx67 bin]$ pwd
/u01/11.2.0/grid1/bin
2.修改許可權為6751後,恢復正常:
[grid@lnx67 ~]$ cd /u01/11.2.0/grid1/bin
[grid@lnx67 bin]$ ls -al oracle
-rwxr-x--x 1 grid oinstall 209914471 Jan  6 10:33 oracle
[grid@lnx67 bin]$ chmod 6751 oracle
[grid@lnx67 bin]$ ls -al oracle

-rwsr-s--x 1 grid oinstall 209914471 Jan  6 10:33 oracle
本次是新安裝的RAC,尚未有操作,節點1出現此問題,節點2正常。
-------------
3.在安裝僅oracle software之後,$ORACLE_HOME/bin/oracle檔案屬性許可權為751(-rwxr-x--x)
在用安裝ASM建庫(DBCA)時,此檔案屬性會自動被修改為6751(-rwsr-s--x)
--此許可權問題也有可能導致ORA-12537: TNS:connection closed
    [oracle@rac01 ~]$ sqlplus /nolog
    SQL*Plus: Release 11.2.0.1.0 Production on Wed Aug 29 21:06:10 2012
    Copyright (c) 1982, 2009, Oracle. All rights reserved.
    SQL> connect system/***@astt
    ERROR:

    ORA-12537: TNS:connection closed、

--參考文件:導致 Scan VIP 和 Scan Listener(監聽程式)出現故障的最常見的 5 個問題 (文件 ID 1602038.1)

--此許可權問題也有可能導致使用DBCA建庫時無法找到ASM磁碟

4.關於6751許可權的說明:
6751分別指定了ugoa的許可權:
第一位6代表u(所有者)有讀、寫許可權,沒有執行許可權
第二位7代表g(組)有讀、寫、執行許可權
第三位5代表o(其它使用者)有讀、執行許可權
第四位1代表a(所有者、組、其它使用者)有執行許可權
四位6751如果用三位表示就是675,第四位繼承umask的值

 Linux 許可權模型有兩個專門的位,叫做“suid”和“sgid”。當設定了一個可執行程式

的“suid”這一位時,它將代表可執行檔案的所有者執行,而不是代表啟動程式的人執行
oracle使用者屬於組dba、oinstall

相關文章