11gR2 rac中使用者角色分離及常見oracle bin程式及ASM磁碟許可權問題彙總

531968912發表於2018-12-01

1. 11gR2 RAC 角色分離資訊

11gR2中安裝oracle 叢集件和資料庫軟體中的一些group進行簡單的介紹。

   oinstall : 這個group是GI 和RDBMS軟體的擁有者。

   dba : 這個group是資料庫的dba group, 對資料庫具有最高許可權。

   asmdba : 這個group是asm例項的dba group, 可以啟動/關閉例項,掛載/解除安裝asm 磁碟組。

   asmadmin: 這個group是asm的管理員group,它包含asmdba的全部許可權,同時還可以增加/刪除 asm 磁碟,磁碟組等。


2. ASM共享磁碟及orale/grid使用者及GI_HOME/RDBMS_HOME bin目錄的oracle程式正確許可權

------------GI及RDBMS軟體安裝完成,未DBCA建立資料庫時的許可權:

[root@bys1 ~]# su - oracle

[oracle@bys1 ~]$ cd $ORACLE_HOME/bin

[oracle@bys1 bin]$ ls -al oracle   --RDBMS_HOME的

-rwsr-s--x 1 oracle oinstall 239626665 Nov  9 21:31 oracle

[grid@bys1 ~]$ cd $ORACLE_HOME/bin

[grid@bys1 bin]$ ls -al oracle   --GRID_HOME的

-rwsr-s--x 1 grid oinstall 209914471 Nov  9 19:07 oracle

[grid@bys1 bin]$ crsctl query crs activeversion

Oracle Clusterware active version on the cluster is [11.2.0.4.0]


------------DBCA建立資料庫後的正確許可權示例,即正常的許可權:

[oracle@bys1 bin]$ ls -al oracle

-rwsr-s--x 1 oracle asmadmin 239626665 Nov  9 21:31 oracle


[grid@bys1 ~]$ cd $ORACLE_HOME/bin

[grid@bys1 bin]$ ls -al oracle

-rwsr-s--x 1 grid oinstall 209914471 Nov  9 19:07 oracle

[grid@bys1 bin]$ id oracle

uid=502(oracle) gid=501(oinstall) groups=501(oinstall),502(dba),506(asmdba)

[grid@bys1 bin]$ id grid

uid=501(grid) gid=501(oinstall) groups=501(oinstall),504(asmadmin),506(asmdba),507(asmoper)



3.RAC中常見的因GI/RDBMS HOME中oracle程式許可權或者ASM使用的磁碟許可權有問題引起的問題彙總:


3.1 sqlplus登陸時報錯:ORA-12547: TNS:lost contact

在RAC中常見的還有oracle程式的許可權不對,

ORA-12547 Errors

The error ORA-12547 indicates that the communication channel has been broken. It's most often thrown because the other end of the process went away unexpectedly.


參考MOS文件:

Note 1307075.1 Oracle Database Fails to Start with Error ORA-12547

Note 381566.1 connect / as sysdba Fails with Ora-12547 And Tns-12514

ORA-12537 / ORA-12547 or TNS-12518 if Listener (including SCAN Listener) and Database are Owned by Different OS User (文件 ID 1069517.1)

Note 744512.1 Ora-12547: Tns:Lost Contact Creating Database After Clean Installation

導致 Scan VIP 和 Scan Listener(監聽程式)出現故障的最常見的 5 個問題 (文件 ID 1602038.1)


3.2 安裝完GI與RDBMS軟體,未使用DBCA建立資料庫。使用手動恢復資料庫方法,此時rdmbs_home下oracle程式許可權問題引發的錯誤

RMAN> restore controlfile from '/home/oracle/fulldb_SCTTEST_900418795_84';


Starting restore at 06-JAN-16

using target database control file instead of recovery catalog

allocated channel: ORA_DISK_1

channel ORA_DISK_1: SID=98 instance=scttest1 device type=DISK


channel ORA_DISK_1: restoring control file

RMAN-00571: ===========================================================

RMAN-00569: =============== ERROR MESSAGE STACK FOLLOWS ===============

RMAN-00571: ===========================================================

RMAN-03002: failure of restore command at 01/06/2016 13:20:29

ORA-19870: error while restoring backup piece /home/oracle/fulldb_SCTTEST_900418795_84

ORA-19504: failed to create file "+DATA/scttest/controlfile/control01.ctl"

ORA-17502: ksfdcre:3 Failed to create file +DATA/scttest/controlfile/control01.ctl

ORA-15001: diskgroup "DATA" does not exist or is not mounted

ORA-15055: unable to connect to ASM instance

ORA-01034: ORACLE not available

ORA-27123: unable to attach to shared memory segment

其它類似報錯型別:

SQL> create spfile='+DATA/jdedb/spfilejdedb1.ora' from pfile;

create spfile='+DATA/jdedb/spfilejdedb1.ora' from pfile

*

ERROR at line 1:

ORA-17502: ksfdcre:4 Failed to create file +DATA/jdedb/spfilejdedb1.ora

ORA-15001: diskgroup "DATA" does not exist or is not mounted

ORA-15040: diskgroup is incomplete


檢視alert日誌:

Mon Nov 07 14:12:19 2016

Decreasing number of real time LMS from 2 to 0

Mon Nov 07 14:17:50 2016

ORA-15025: could not open disk "/dev/raw/raw2"

ORA-27041: unable to open file

Linux-x86_64 Error: 13: Permission denied

Additional information: 9

Mon Nov 07 14:17:50 2016

SUCCESS: diskgroup DATA was dismounted

ERROR: diskgroup DATA was not mounted


3.3 ASM使用的磁碟許可權問題導致的報錯

11.2.0.3中報錯資訊如下:

ORA-15045:ASM file name '+DATA1' is not in reference form

ORA-17502:ksfdcre:5 Failed to create file +DATA1

ORA-15081:failed to submit an I/0 operation to a disk;


[oracle@bys1 bin]$ ls -al /dev/sdc /dev/sdd  --這可以看到只有GRID使用者可讀寫,要修改。

brw-r----- 1 grid asmadmin 8, 32 Apr 11 19:24 /dev/sdc


4.LINUX “suid”和“sgid”許可權簡介

 Linux 許可權模型有兩個專門的位,叫做“suid”和“sgid”。當設定了一個可執行程式的“suid”這一位時,它將代表可執行檔案的所有者執行,而不是代表啟動程式的人執行。

關於6751許可權的說明:

6751分別指定了ugoa的許可權:

第一位6是suid+sgid許可權

第二位7代表g(組)有讀、寫、執行許可權

第三位5代表o(其它使用者)有讀、執行許可權

第四位1代表a(所有者、組、其它使用者)有執行許可權

詳細可以參考其它BLOG:


http://www.cnblogs.com/snake-hand/p/3161511.html


http://blog.csdn.net/xiaocainiaoshangxiao/article/details/17378611


----------------------------本文內容參考MOS文件:

Oracle Database Fails to Start with Error ORA-12547 (文件 ID 1307075.1)

"Connected to an Idle Instance" Message when Connecting Bequeath to a Running Instance (文件 ID 435044.1)

Troubleshooting when srvctl can't start RAC instance, but sqlplus can start it (文件 ID 844272.1)    

    10gR2 Database Creation Fails with 11gR2 ASM storage: ORA-15045, ORA-17502, ORA-15081 [ID 1384180.1]

    Database Creation on 11.2 Grid Infrastructure with Role Separation ( ORA-15025, KFSG-00312, ORA-15081 ) (文件 ID 1084186.1)

    ORA-00600 [kfioTranslateIO03] [17090] (Doc ID 1336846.1)

    ORA-15183 Unable to Create Database on Server using 11.2 ASM and Grid Infrastructure (文件 ID 1054033.1)

    Startup Instance Failed with ORA-27140 ORA-27300 ORA-27301 ORA-27302 and ORA-27303 on skgpwinit6 (文件 ID 1274030.1)

https://blogs.oracle.com/Database4CN/entry/%E4%BB%BB%E5%8A%A1%E8%A7%92%E8%89%B2%E5%88%86%E7%A6%BB_job_role_separation_%E7%AE%80%E4%BB%8B

--------------------- 


來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/25462274/viewspace-2222345/,如需轉載,請註明出處,否則將追究法律責任。

相關文章