Oracle軟體許可權修復
Oracle軟體許可權修復
1.1 許可權修復
1.1.1 如果$GRID_HOME下的許可權被人為修改過,那麼如何來修復該許可權問題?
參考連線:http://blog.itpub.net/26736162/viewspace-2121470/
使用chown -R誤操作將整個$GRID_BASE或$GRID_HOME的許可權修改了,或者刪除了$GRID_HOME/log資料夾下的所有內容,導致叢集不能啟動。在這種情況下可以根據MOS文件:Tips for checking file permissions on GRID environment(ID 1931142.1)來修復該問題。
該文件中描述到,在$GRID_HOME/crs/utl(Oracle 11.2及12.1.0.1)或<GRID_HOME>/crs/utl/<hostname>(Oracle 12.1.0.2)下面的crsconfig_dirs和crsconfig_fileperms檔案中記錄了整個$GRID_HOME下面的檔案和目錄的相關許可權。
Check the permissions from the following 2 files which are created during Grid Infrastructure installation.
In $GRID_HOME/crs/utl (for 11.2 and 12.1.0.1) and <GRID_HOME>/crs/utl/<hostname> (for 12.1.0.2) directory:
crsconfig_dirs :which has all directories listed in and their permissions
crsconfig_fileperms :which has list of files and their permissions and locations in .
[root@raclhr-11gR2-N1 utl]# ll $ORACLE_HOME/crs/utl/crsconfig_*
-rw-r--r-- 1 root root 8554 May 17 13:31 /u01/app/11.2.0/grid/crs/utl/crsconfig_dirs
-rw-r--r-- 1 root root 12619 May 17 13:31 /u01/app/11.2.0/grid/crs/utl/crsconfig_fileperms
-rw-r--r-- 1 root root 11218 May 17 13:31 /u01/app/11.2.0/grid/crs/utl/crsconfig_files
誤操作:
chown -R oracle.oinstall $ORACLE_HOME
ps -ef |grep d.bin|grep -v grep|awk '{print $2}' | xargs kill -9
可以通過命令“cluvfy comp software -n all -verbose”來校驗叢集的許可權是否正確。
所以要解決這個問題其實並不難,大致可以通過如下幾種方法來解決:
1、根據MOS文件1931142.1提供的建議通過$GRID_HOME/crs/install/rootcrs.pl -init或roothas.pl -init進行解決。該方法可以用來解決刪除了$GRID_HOME/log資料夾下的所有內容,導致叢集不能啟動的情況,但是對於chown -R誤操作將整個$GRID_HOME的許可權修改了的情況不一定能恢復。
For 11.2:
For clustered Grid Infrastructure, as root user
# cd <GRID_HOME>/crs/install/
# ./rootcrs.pl -init
For Standalone Grid Infrastructure, as root user
# cd <GRID_HOME>/crs/install/
# ./roothas.pl -init
For 12c:
For clustered Grid Infrastructure, as root user
# cd <GRID_HOME>/crs/install/
# ./rootcrs.sh -init
For Standalone Grid Infrastructure, as root user
# cd <GRID_HOME>/crs/install/
# ./roothas.sh -init
rootcrs.pl –init是在PSU>11.2.0.3.6下執行的,如果PSU<11.2.0.3.6可以執行如下兩條命令來實現同樣的效果。
<GRID_HOME>/crs/install/rootcrs.pl -unlock
<GRID_HOME>/crs/install/rootcrs.pl -patch
2、採用MOS文件1515018.1上提供的指令碼permission.pl在許可權正常節點上生成修復指令碼,然後將生成的修復指令碼在異常節點上執行來修復許可權問題。可以用來修復chown -R誤操作將整個$GRID_HOME的許可權修改了的情況。
注意,該指令碼會產生2個檔案:
a. permission-<time stamp> - This contains file permission in octal value, owner and group information of the files captured
b. restore-perm-<time stamp>.cmd - This contains command to change the permission, owner, and group of the captured files
修復時只需要執行restore-perm-<time stamp>.cmd檔案即可。在執行指令碼之前,需要將指令碼中的節點名稱替換成異常節點名。vi下的替換命令為:
:%s/raclhr-11gr2-n2/raclhr-11gr2-n1/g 替換每一行中所有 raclhr-11gr2-n2 為 raclhr-11gr2-n1
3、Oracle 11gR2可以deconfig crs的配置,然後重新執行root.sh即可。如果OCR和資料庫不再同一個磁碟組裡,那麼重新執行root.sh指令碼並不影響資料庫,所以無需擔心。可以用來修復OCR、OLR或表決磁碟損壞的情況,或ASM節點號和主機節點號不一致的情況。
$GRID_HOME/crs/install/rootcrs.pl -deconfig -force -verbose
dd if=/dev/zero of=/dev/rhdiskN bs=1024k count=1024 --清理磁碟頭
$GRID_HOME/root.sh
在root.sh指令碼執行完畢後,需要再次將資料庫、監聽和SERVICE等其它資源新增進叢集中:
srvctl add db -d lhrrac1 -r PRIMARY -o $ORACLE_HOME
srvctl add instance -d lhrrac1 -i lhrrac11 -n raclhr-11gR2-N1
srvctl add instance -d lhrrac1 -i lhrrac12 -n raclhr-11gR2-N2
srvctl add listener -l LISTENER -o $ORACLE_HOME
1.1.2 $ORACLE_HOME/bin/oracle檔案的許可權修復
在安裝有GI的環境下,許可權、屬主是嚴格被設定的,任何對於它們的錯誤修改容易引發一系列的問題,而且這些問題往往都很詭異很難按照常規的思路去診斷。一旦出現許可權的問題,個人建議第1和第3種方式來修改。
如果可執行檔案$ORACLE_HOME/bin/oracle的屬主或許可權設定出了問題,那麼可能會造成很多問題。例如:無法登陸到資料庫、ora-600錯誤、“TNS-12518: TNS:listener could not hand off client connection”、“Linux Error: 32: Broken pipe”、“ORA-12537: TNS:connection closed”、訪問ASM磁碟出錯等。解決辦法很簡單,可以在grid使用者下執行setasmgidwrap命令重新配置$ORACLE_HOME/bin/oracle可執行檔案的許可權和屬主或者直接將oracle檔案的許可權修改為6751。$ORACLE_HOME/bin/oracle可執行檔案正確屬主應該是oracle:asmadmin,並且許可權必須有s才可以,如下所示:
[root@orclalhr ~]$ which setasmgidwrap
/u01/app/11.2.0/grid/bin/setasmgidwrap
[root@orclalhr ~]$ setasmgidwrap -o /u01/app/oracle/product/11.2.0/dbhome_1/bin/oracle
[root@orclalhr ~]$ ll /u01/app/oracle/product/11.2.0/dbhome_1/bin/oracle
-rwsr-s--x 1 oracle asmadmin 232399083 Apr 21 2015 /u01/app/oracle/product/11.2.0/dbhome_1/bin/oracle
[root@orclalhr ~]# ll /u01/app/11.2.0/grid/bin/oracle
-rwsr-s--x. 1 grid oinstall 203972117 Jan 5 2015 /u01/app/11.2.0/grid/bin/oracle
[root@orclalhr ~]# chmod 6751 /u01/app/oracle/product/11.2.0/dbhome_1/bin/oracle
[root@orclalhr ~]# ll /u01/app/oracle/product/11.2.0/dbhome_1/bin/oracle
-rwsr-s--x 1 oracle asmadmin 232399083 Apr 21 2015 /u01/app/oracle/product/11.2.0/dbhome_1/bin/oracle
[root@orclalhr bin]# cd /u01/app/oracle/product/11.2.0/dbhome_1/bin/
[root@orclalhr bin]# which stat
/usr/bin/stat
[root@orclalhr bin]# stat oracle
File: `oracle'
Size: 210823844 Blocks: 411776 IO Block: 4096 regular file
Device: 802h/2050d Inode: 1717737 Links: 1
Access: (6751/-rwsr-s--x) Uid: ( 501/ oracle) Gid: ( 504/asmadmin)
Access: 2017-03-16 12:33:44.809363974 +0800
Modify: 2014-05-18 17:09:50.508549983 +0800
Change: 2017-03-16 11:05:15.733816820 +0800
& 說明:
有關修復許可權的更多內容可以參考我的BLOG:http://blog.itpub.net/26736162/viewspace-2121470/
How to check and fix file permissions on Grid Infrastructure environment (文件 ID 1931142.1)
In this Document
Goal |
Solution |
APPLIES TO:
Oracle Database - Enterprise Edition - Version 11.2.0.3 and laterOracle Database - Standard Edition - Version 12.1.0.1 to 12.1.0.1 [Release 12.1]
Information in this document applies to any platform.
GOAL
To provide ways how to check, find and correct permissions for Grid Infrastructure (GI) $ORACLE_HOME or <GRID_HOME> .
SOLUTION
1. Validate the <GRID_HOME> by using cluvfy tool.
This though only validates the binary files and theirs permissions. This is mentioned in unpublished bug 18407533 (closed as not a bug).
2. Check the permissions from the following 2 files which are created during Grid Infrastructure installation.
In $GRID_HOME/crs/utl (for 11.2 and 12.1.0.1) and <GRID_HOME>/crs/utl/<hostname> (for 12.1.0.2) directory:
- crsconfig_dirs which has all directories listed in <GRID_HOME> and their permissions
- crsconfig_fileperms which has list of files and their permissions and locations in <GRID_HOME>.
3. The permissions can be reverted back to original values with rootcrs.pl or roothas.pl. For versions 11.2.0.3.6 and higher, there is an option -init:
Reset the permissions of all files and directories under Oracle <GRID_HOME>. Please ensure CRS is not running while performing the followings:
For 11.2:
For clustered Grid Infrastructure, as root user
# ./rootcrs.pl -init
For Standalone Grid Infrastructure, as root user
# ./roothas.pl -init
For 12c:
For clustered Grid Infrastructure, as root user
# ./rootcrs.sh -init
For Standalone Grid Infrastructure, as root user
# ./roothas.sh -init
4. If that does not work then permissions can be altered manually with information found from crsconfig_fileperms and crsconfig_dirs files.
Please note that changing the permissions manually is the last resort and shouldn't be used unless recommended by Oracle support or development.
Script to capture and restore file permission in a directory (for eg. ORACLE_HOME) (文件 ID 1515018.1)
In this Document
Main Content |
Purpose |
Requirements |
Configuring |
Instructions |
Caution |
Script |
APPLIES TO:
Oracle Database - Enterprise EditionGeneric UNIX
Generic Linux
MAIN CONTENT
PURPOSE
This script is intended to capture and restore the file permission of a given directory example - ORACLE_HOME. The script will create a output file called permission_<timestamp> and permission_<timestamp>.cmd
REQUIREMENTS
The script needs to be run on command prompt of Unix platform .
Perl is required to execute this script
Shell is required to run the shell script .
CONFIGURING
Download and save the script on your server as permission.pl
Provide the execute permission on the script
INSTRUCTIONS
Run the script from the location where you have downloaded and saved it
CAUTION
Proofread this sample code before using it! Due to the differences in the way text editors, e-mail packages and operating systems handle text formatting (spaces, tabs and carriage returns), this sample code may not be in an executable state when you first receive it. Check over the sample code to ensure that errors of this type are corrected.
Note : This script can restore permission back to the point at which it was captured. It is not intended to reset the permission.
SCRIPT
Execute the script from the dollar ($) prompt
Steps to capture permission of a directory
1. Download the script from here
2. Log in as "oracle" user
3. copy the file to a location say /home/oracle/scripts
4. Give execute permission
5. Execute the script to capture permission
$ ./permission.pl <Path name to capture permission>
Script generates two files
a. permission-<time stamp> - This contains file permission in octal value, owner and group information of the files captured
b. restore-perm-<time stamp>.cmd - This contains command to change the permission, owner, and group of the captured files
Steps to restore captured permission of the directory
1. Give execute permission to file generated during capture
2. execute .cmd file to restore the permission and the ownership
Sample output of the script
permission-<time stamp>
750 oracle oinstall /u03/app/oracle/OraHome_11202g/root.sh
644 oracle oinstall /u03/app/oracle/OraHome_11202g/install.platform
640 oracle oinstall /u03/app/oracle/OraHome_11202g/oraInst.loc
644 oracle oinstall /u03/app/oracle/OraHome_11202g/afiedt.buf
644 oracle oinstall /u03/app/oracle/OraHome_11202g/a.out
6755 root root /u03/app/oracle/OraHome_11202g/tsh.sh
644 oracle oinstall /u03/app/oracle/OraHome_11202g/Readme.txt
640 oracle oinstall /u03/app/oracle/OraHome_11202g/oraorcl1122
644 oracle oinstall /u03/app/oracle/OraHome_11202g/SQLtraining_day1.lst
751 oracle oinstall /u03/app/oracle/OraHome_11202g/bin/hsots
751 oracle oinstall /u03/app/oracle/OraHome_11202g/bin/nid
6751 oracle oinstall /u03/app/oracle/OraHome_11202g/bin/oracle
751 oracle oinstall /u03/app/oracle/OraHome_11202g/bin/orapwd
751 oracle oinstall /u03/app/oracle/OraHome_11202g/bin/wrap
750 oracle oinstall /u03/app/oracle/OraHome_11202g/bin/grdcscan
restore-perm-<time stamp>.cmd
chmod 755 /u03/app/oracle/OraHome_11202g
chown oracle:oinstall /u03/app/oracle/OraHome_11202g/root.sh
chmod 750 /u03/app/oracle/OraHome_11202g/root.sh
chown oracle:oinstall /u03/app/oracle/OraHome_11202g/install.platform
chmod 644 /u03/app/oracle/OraHome_11202g/install.platform
chown oracle:oinstall /u03/app/oracle/OraHome_11202g/oraInst.loc
chmod 640 /u03/app/oracle/OraHome_11202g/oraInst.loc
chown oracle:oinstall /u03/app/oracle/OraHome_11202g/afiedt.buf
chmod 644 /u03/app/oracle/OraHome_11202g/afiedt.buf
chown oracle:oinstall /u03/app/oracle/OraHome_11202g/a.out
chmod 644 /u03/app/oracle/OraHome_11202g/a.out
chown root:root /u03/app/oracle/OraHome_11202g/tsh.sh
chmod 6755 /u03/app/oracle/OraHome_11202g/tsh.sh
chown oracle:oinstall /u03/app/oracle/OraHome_11202g/Readme.txt
chmod 644 /u03/app/oracle/OraHome_11202g/Readme.txt
chown oracle:oinstall /u03/app/oracle/OraHome_11202g/oraorcl1122
chmod 640 /u03/app/oracle/OraHome_11202g/oraorcl1122
chown oracle:oinstall /u03/app/oracle/OraHome_11202g/SQLtraining_day1.lst
chmod 644 /u03/app/oracle/OraHome_11202g/SQLtraining_day1.lst
chown oracle:oinstall /u03/app/oracle/OraHome_11202g/bin/nid
chmod 751 /u03/app/oracle/OraHome_11202g/bin/nid
chown oracle:oinstall /u03/app/oracle/OraHome_11202g/bin/oracle
chmod 6751 /u03/app/oracle/OraHome_11202g/bin/oracle
chown oracle:oinstall /u03/app/oracle/OraHome_11202g/bin/orapwd
chmod 751 /u03/app/oracle/OraHome_11202g/bin/orapwd
chown oracle:oinstall /u03/app/oracle/OraHome_11202g/bin/wrap
chmod 751 /u03/app/oracle/OraHome_11202g/bin/wrap
chown oracle:oinstall /u03/app/oracle/OraHome_11202g/bin/grdcscan
chmod 750 /u03/app/oracle/OraHome_11202g/bin/grdcscan
小麥苗課程
小麥苗課堂開課啦,如下是現有的課程,歡迎諮詢小麥苗:
課程名稱 |
課時 |
上課時間 |
價格 |
OCP(從入門到專家) |
每年1期,35課時左右/期 |
20:00-22:00 |
1588(可優惠) |
OCM認證 |
每年N期,9課時/期 |
20:00-22:00 |
22888 |
高可用課程(rac+dg+ogg) |
每年1期,20課時左右/期 |
20:00-22:00 |
1888(可優惠) |
Oracle初級入門 |
每年1期,15課時左右/期 |
20:00-22:00 |
800 |
Oracle健康檢查指令碼 |
可微信或微店購買。 |
88 |
|
Oracle資料庫技能直通車 |
包含如下3個課程: ①《11g OCP網路課程培訓》(面向零基礎) 價值1600元 ②《11g OCM網路班課程培訓》(Oracle技能合集)價值10000+元 ③《RAC + DG + OGG 高可用網路班課程》 價值2000元 以上3個課程全部打包只要5888,只要5888所有課程帶回家,終身指導!所有課程都是線上講課,不是播放視訊,課件全部贈送! 注意:以上OCP和OCM課程只包括培訓課程,不包括考試費用。OCM提供培訓+視訊,但是不提供練習環境和資料。報名一次,OCP和高可用的課程可以免費終身迴圈聽課。 |
5888 |
|
OCP+高可用(rac+dg+ogg) |
報名OCP+高可用課程,可以優惠300元,優惠後的價格為3188. |
3188(可優惠) |
注意:
1、每次上課前30分鐘答疑。
2、OCM實時答疑,提供和考試一樣的練習模擬環境,只要按照老師講的方式來練習,可以保證100%通過。
3、授課方式:YY語音網路直播講課(非視訊) + QQ互動答疑 + 視訊複習。
4、OCP課時可以根據大家學習情況進行增加或縮減。
5、以上所有課程均可迴圈聽課。
6、12c OCM課程私聊。
7、Oracle初級入門課程,只教大家最實用+最常用的Oracle操作維護知識。
8、以上所有課程,可以加小麥苗微信(lhrbestxh)或QQ(646634621)詳聊,優惠多多。
培訓專案 |
連線地址 |
DB筆試面試歷史連線 |
|
OCP培訓說明連線 |
|
OCM培訓說明連線 |
|
高可用(RAC+DG+OGG)培訓說明連線 |
|
OCP最新題庫解析歷史連線(052) |
|
微店地址 |
About Me
.............................................................................................................................................
● 本文作者:小麥苗,部分內容整理自網路,若有侵權請聯絡小麥苗刪除
● 本文在itpub(http://blog.itpub.net/26736162/abstract/1/)、部落格園(http://www.cnblogs.com/lhrbest)和個人微信公眾號(xiaomaimiaolhr)上有同步更新
● 本文itpub地址:http://blog.itpub.net/26736162/abstract/1/
● 本文部落格園地址:http://www.cnblogs.com/lhrbest
● 本文pdf版、個人簡介及小麥苗雲盤地址:http://blog.itpub.net/26736162/viewspace-1624453/
● 資料庫筆試面試題庫及解答:http://blog.itpub.net/26736162/viewspace-2134706/
● DBA寶典今日頭條號地址:http://www.toutiao.com/c/user/6401772890/#mid=1564638659405826
.............................................................................................................................................
● QQ群號:230161599(滿)、618766405
● 微信群:可加我微信,我拉大家進群,非誠勿擾
● 聯絡我請加QQ好友(646634621),註明新增緣由
● 於 2018-07-01 06:00 ~ 2018-07-31 24:00 在魔都完成
● 最新修改時間:2018-07-01 06:00 ~ 2018-07-31 24:00
● 文章內容來源於小麥苗的學習筆記,部分整理自網路,若有侵權或不當之處還請諒解
● 版權所有,歡迎分享本文,轉載請保留出處
.............................................................................................................................................
● 小麥苗的微店:https://weidian.com/s/793741433?wfr=c&ifr=shopdetail
● 小麥苗出版的資料庫類叢書:http://blog.itpub.net/26736162/viewspace-2142121/
● 小麥苗OCP、OCM、高可用網路班:http://blog.itpub.net/26736162/viewspace-2148098/
.............................................................................................................................................
使用微信客戶端掃描下面的二維碼來關注小麥苗的微信公眾號(xiaomaimiaolhr)及QQ群(DBA寶典)、新增小麥苗微信,學習最實用的資料庫技術。
小麥苗的微信公眾號 小麥苗的DBA寶典QQ群2 小麥苗的微信二維碼 小麥苗的微店
.............................................................................................................................................
來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/26736162/viewspace-2157665/,如需轉載,請註明出處,否則將追究法律責任。
相關文章
- Mac系統如何修復Mac硬碟許可權Mac硬碟
- Oracle 目錄許可權丟失故障恢復Oracle
- 許可權修飾符
- 如何在Mac電腦中修復磁碟許可權?Mac
- 小知識:軟體開發的許可權控制和許可權驗證
- Mac修復多個檔案錯誤許可權的方法?Mac
- win10軟體許可權怎麼設定_win10軟體系統許可權限制如何操作Win10
- OA辦公軟體篇(二)—許可權管理
- 如何在macOS中修復多個檔案的錯誤許可權Mac
- Oracle使用者角色許可權管理Oracle
- 許可權之選單許可權
- linux 檔案許可權 s 許可權和 t 許可權解析Linux
- 關於 Linux Polkit 許可權提升漏洞(CVE-2021-4034)的修復方法Linux
- Mac電腦修復多個檔案的錯誤許可權的方法Mac
- 如何用 Vue 實現前端許可權控制(路由許可權 + 檢視許可權 + 請求許可權)Vue前端路由
- PJzhang:CVE-2020-1472微軟NetLogon許可權提升漏洞~復現微軟Go
- 使用 Casbin 作為 ThinkPHP 的許可權控制中介軟體PHP
- Delphi 7 編譯軟體申請管理員許可權編譯
- 許可權系統:一文搞懂功能許可權、資料許可權
- PHP 物件導向 (一)許可權修飾符PHP物件
- 許可權修飾符和final關鍵字
- 帆軟——目錄及許可權配置
- win11解除安裝軟體提示沒有許可權
- GPL3.0許可證軟體著作權糾紛案例解析
- Oracle 資料庫安全許可權配置標準Oracle資料庫
- Linux特殊許可權之suid、sgid、sbit許可權LinuxUI
- win10無管理員許可權怎麼安裝軟體 win10安裝軟體提示沒有管理員許可權解決方法Win10
- 封裝、許可權修飾符、封裝的案例封裝
- RAC安裝目錄許可權快速恢復
- mysql許可權MySql
- 許可權控制
- Linux許可權Linux
- 如何恢復win10系統沒有以管理員許可權執行軟體的方法Win10
- win10軟體許可權設定在哪裡 W10系統怎麼設定應用的許可權Win10
- android動態許可權到自定義許可權框架Android框架
- 選單許可權和按鈕許可權設定
- Linux的檔案存取許可權和0644許可權Linux
- Laravel學習筆記六-許可權管理與中介軟體MiddlewareLaravel筆記