Where is the script changePerm.sh

paulyibinyi發表於2010-09-28

 

Where is the script. changePerm.sh? [ID 438676.1]  

  修改時間 14-SEP-2010     型別 HOWTO     狀態 PUBLISHED  

In this Document
  
  


Applies to:

Oracle Server - Enterprise Edition - Version: 9.2.0.8 to 10.2.0.5.0 - Release: 9.2 to 10.2
Information in this document applies to any platform.

Goal

Where is the script. changePerm.sh?

Solution


During patch set installation, all new files and directories are created with restricted access, by default. Users or third party applications with a different group identifier from that of the database, which try to access client-side utilities or libraries in the database home, will see permission errors when trying to access these files or directories.

changePerm.sh is a script. that allows users that do not belong to the database group to access and execute files in the ORACLE_HOME directory. Only run this script. when absolutely required as it will reduce security. The script. (borne shell) loops through a hard-coded set of files and directories, extracts the "group" permissions, and set the "other" permissions the same as the group's permissions. By doing so, "other" users are able to execute these files and change to these directories

The script. is located in the ORACLE_HOME/install directory on Unix and Linux systems (there is no equivalent for Windows). This script. ships with Oracle Database versions 9.2.0.8 and Oracle 10g releases. 

The changePerm.sh file is not available nor necessary for Oracle Database Server 11.1 and above because in 11g, permissions under the Oracle Home (including "others") are set correctly/relaxed.

Output when the changePerm.sh script. is executed:

$ cd $ORACLE_HOME/install
$ ./changePerm.sh
-------------------------------------------------------------------------------
Disclaimer: The purpose of this script. is to relax permissions on some of the
files in the database Oracle Home so that all clients can access them.
Please note that Oracle Corporation recommends using the most restrictive file
permissions as possible for your given implementation. Running this script
should be done only after considering all security ramifications.
-------------------------------------------------------------------------------

Do you wish to continue (y/n) : y
Finished running the script. successfully

Please see /tmp/changePerm_err.log for errors and /tmp/changePerm.log for the log of events

This script. should be run by Oracle Software owner to relax the permission and can be run while database processes are active.

Note :
1. If you are patching Oracle RAC home, then you will need to run this script. on all the nodes
2. Oracle recommends using the most restrictive file permissions possible for your given implementation. Run this script. only after considering all security ramifications and only if you need to share this installation

來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/7199859/viewspace-675040/,如需轉載,請註明出處,否則將追究法律責任。