Oracle軟體許可權修復

lhrbest發表於2018-07-11

Oracle軟體許可權修復




1.1 許可權修復

1.1.1      如果$GRID_HOME下的許可權被人為修改過,那麼如何來修復該許可權問題?

參考連線:http://blog.itpub.net/26736162/viewspace-2121470/

 

使用chown -R誤操作將整個$GRID_BASE或$GRID_HOME的許可權修改了,或者刪除了$GRID_HOME/log資料夾下的所有內容,導致叢集不能啟動。在這種情況下可以根據MOS文件:Tips for checking file permissions on GRID environment(ID 1931142.1)來修復該問題。

該文件中描述到,在$GRID_HOME/crs/utlOracle 11.212.1.0.1)或<GRID_HOME>/crs/utl/<hostname>Oracle 12.1.0.2)下面的crsconfig_dirs和crsconfig_fileperms檔案中記錄了整個$GRID_HOME下面的檔案和目錄的相關許可權。

Check the permissions from the following 2 files which are created during Grid Infrastructure installation.

In $GRID_HOME/crs/utl (for 11.2 and 12.1.0.1) and <GRID_HOME>/crs/utl/<hostname> (for 12.1.0.2) directory:

crsconfig_dirs which has all directories listed in and their permissions

crsconfig_fileperms which has list of files and their permissions and locations in .

 

[root@raclhr-11gR2-N1 utl]# ll $ORACLE_HOME/crs/utl/crsconfig_*

-rw-r--r-- 1 root root  8554 May 17 13:31 /u01/app/11.2.0/grid/crs/utl/crsconfig_dirs

-rw-r--r-- 1 root root 12619 May 17 13:31 /u01/app/11.2.0/grid/crs/utl/crsconfig_fileperms

-rw-r--r-- 1 root root 11218 May 17 13:31 /u01/app/11.2.0/grid/crs/utl/crsconfig_files

誤操作:

chown -R oracle.oinstall $ORACLE_HOME

ps -ef |grep d.bin|grep -v grep|awk '{print $2}' | xargs kill -9

 

可以通過命令“cluvfy comp software -n all -verbose”來校驗叢集的許可權是否正確。

 

所以要解決這個問題其實並不難,大致可以通過如下幾種方法來解決:

1、根據MOS文件1931142.1提供的建議通過$GRID_HOME/crs/install/rootcrs.pl -initroothas.pl -init進行解決。該方法可以用來解決刪除了$GRID_HOME/log資料夾下的所有內容,導致叢集不能啟動的情況,但是對於chown -R誤操作將整個$GRID_HOME的許可權修改了的情況不一定能恢復。

For 11.2:

For clustered Grid Infrastructure, as root user

# cd <GRID_HOME>/crs/install/

# ./rootcrs.pl -init

For Standalone Grid Infrastructure, as root user

# cd <GRID_HOME>/crs/install/

# ./roothas.pl  -init

For 12c:

For clustered Grid Infrastructure, as root user

# cd <GRID_HOME>/crs/install/

# ./rootcrs.sh -init

For Standalone Grid Infrastructure, as root user

# cd <GRID_HOME>/crs/install/

# ./roothas.sh -init

rootcrs.pl init是在PSU>11.2.0.3.6下執行的,如果PSU<11.2.0.3.6可以執行如下兩條命令來實現同樣的效果。

<GRID_HOME>/crs/install/rootcrs.pl -unlock

<GRID_HOME>/crs/install/rootcrs.pl -patch

 

2、採用MOS文件1515018.1上提供的指令碼permission.pl在許可權正常節點上生成修復指令碼,然後將生成的修復指令碼在異常節點上執行來修復許可權問題。可以用來修復chown -R誤操作將整個$GRID_HOME的許可權修改了的情況。

注意,該指令碼會產生2個檔案:

a. permission-<time stamp> - This contains file permission in octal value, owner and group information of the files captured

b. restore-perm-<time stamp>.cmd - This contains command to change the permission, owner, and group of the captured files

修復時只需要執行restore-perm-<time stamp>.cmd檔案即可。在執行指令碼之前,需要將指令碼中的節點名稱替換成異常節點名。vi下的替換命令為:

:%s/raclhr-11gr2-n2/raclhr-11gr2-n1/g     替換每一行中所有 raclhr-11gr2-n2 為 raclhr-11gr2-n1

 

3Oracle 11gR2可以deconfig crs的配置,然後重新執行root.sh即可。如果OCR和資料庫不再同一個磁碟組裡,那麼重新執行root.sh指令碼並不影響資料庫,所以無需擔心。可以用來修復OCROLR或表決磁碟損壞的情況,或ASM節點號和主機節點號不一致的情況。

$GRID_HOME/crs/install/rootcrs.pl -deconfig -force -verbose

dd if=/dev/zero of=/dev/rhdiskN bs=1024k count=1024  --清理磁碟頭

$GRID_HOME/root.sh

root.sh指令碼執行完畢後,需要再次將資料庫、監聽和SERVICE等其它資源新增進叢集中:

srvctl add db -d lhrrac1 -r PRIMARY -o $ORACLE_HOME

srvctl add instance -d lhrrac1 -i lhrrac11 -n raclhr-11gR2-N1

srvctl add instance -d lhrrac1 -i lhrrac12 -n raclhr-11gR2-N2

srvctl add listener -l LISTENER -o $ORACLE_HOME

 

1.1.2      $ORACLE_HOME/bin/oracle檔案的許可權修復

在安裝有GI的環境下,許可權、屬主是嚴格被設定的,任何對於它們的錯誤修改容易引發一系列的問題,而且這些問題往往都很詭異很難按照常規的思路去診斷。一旦出現許可權的問題,個人建議第1和第3種方式來修改。

如果可執行檔案$ORACLE_HOME/bin/oracle的屬主或許可權設定出了問題,那麼可能會造成很多問題。例如:無法登陸到資料庫、ora-600錯誤、“TNS-12518: TNS:listener could not hand off client connection”、“Linux Error: 32: Broken pipe”、“ORA-12537: TNS:connection closed”、訪問ASM磁碟出錯等。解決辦法很簡單,可以在grid使用者下執行setasmgidwrap命令重新配置$ORACLE_HOME/bin/oracle可執行檔案的許可權和屬主或者直接將oracle檔案的許可權修改為6751$ORACLE_HOME/bin/oracle可執行檔案正確屬主應該是oracle:asmadmin,並且許可權必須有s才可以,如下所示:

[root@orclalhr ~]$ which setasmgidwrap

/u01/app/11.2.0/grid/bin/setasmgidwrap

[root@orclalhr ~]$ setasmgidwrap -o /u01/app/oracle/product/11.2.0/dbhome_1/bin/oracle

[root@orclalhr ~]$ ll /u01/app/oracle/product/11.2.0/dbhome_1/bin/oracle

-rwsr-s--x 1 oracle asmadmin 232399083 Apr 21  2015 /u01/app/oracle/product/11.2.0/dbhome_1/bin/oracle

[root@orclalhr ~]# ll /u01/app/11.2.0/grid/bin/oracle

-rwsr-s--x. 1 grid oinstall 203972117 Jan  5  2015 /u01/app/11.2.0/grid/bin/oracle

[root@orclalhr ~]# chmod 6751 /u01/app/oracle/product/11.2.0/dbhome_1/bin/oracle

[root@orclalhr ~]# ll /u01/app/oracle/product/11.2.0/dbhome_1/bin/oracle

-rwsr-s--x 1 oracle asmadmin 232399083 Apr 21  2015 /u01/app/oracle/product/11.2.0/dbhome_1/bin/oracle

[root@orclalhr bin]# cd /u01/app/oracle/product/11.2.0/dbhome_1/bin/

[root@orclalhr bin]# which stat

/usr/bin/stat

[root@orclalhr bin]# stat oracle

  File: `oracle'

  Size: 210823844       Blocks: 411776     IO Block: 4096   regular file

Device: 802h/2050d      Inode: 1717737     Links: 1

Access: (6751/-rwsr-s--x)  Uid: (  501/  oracle)   Gid: (  504/asmadmin)

Access: 2017-03-16 12:33:44.809363974 +0800

Modify: 2014-05-18 17:09:50.508549983 +0800

Change: 2017-03-16 11:05:15.733816820 +0800

 

& 說明:

有關修復許可權的更多內容可以參考我的BLOGhttp://blog.itpub.net/26736162/viewspace-2121470/

 




How to check and fix file permissions on Grid Infrastructure environment (文件 ID 1931142.1)

In this Document

Goal
Solution


APPLIES TO:

Oracle Database - Enterprise Edition - Version 11.2.0.3 and later
Oracle Database - Standard Edition - Version 12.1.0.1 to 12.1.0.1 [Release 12.1]
Information in this document applies to any platform.

GOAL

To provide ways how to check, find and correct permissions for Grid Infrastructure (GI)  $ORACLE_HOME or <GRID_HOME> .

SOLUTION

1. Validate the <GRID_HOME> by using cluvfy tool.

$ cluvfy comp software -n all -verbose

This though only validates the binary files and theirs permissions. This is mentioned in unpublished bug 18407533 (closed as not a bug).


2. Check the permissions from the following 2 files which are created during Grid Infrastructure installation.

In $GRID_HOME/crs/utl (for 11.2 and 12.1.0.1) and <GRID_HOME>/crs/utl/<hostname> (for 12.1.0.2) directory:

- crsconfig_dirs which has all directories listed in <GRID_HOME> and their permissions

- crsconfig_fileperms which has list of files and their permissions and locations in <GRID_HOME>.


3. The permissions can be reverted back to original values with rootcrs.pl or roothas.pl.  For versions 11.2.0.3.6 and higher, there is an option -init:    

Reset the permissions of all files and directories under Oracle <GRID_HOME>. Please ensure CRS is not running while performing the followings:

For 11.2:
For clustered Grid Infrastructure, as root user

# cd <GRID_HOME>/crs/install/
# ./rootcrs.pl -init

For Standalone Grid Infrastructure, as root user

# cd <GRID_HOME>/crs/install/
# ./roothas.pl  -init


For 12c:
For clustered Grid Infrastructure, as root user

# cd <GRID_HOME>/crs/install/
# ./rootcrs.sh -init

For Standalone Grid Infrastructure, as root user

# cd <GRID_HOME>/crs/install/
# ./roothas.sh -init


4. If that does not work then permissions can be altered manually with information found from crsconfig_fileperms and crsconfig_dirs files.

Please note that changing the permissions manually is the last resort and shouldn't be used unless recommended by Oracle support or development.




Script to capture and restore file permission in a directory (for eg. ORACLE_HOME) (文件 ID 1515018.1)


In this Document

Main Content
  Purpose
  Requirements
  Configuring
  Instructions
  Caution
  Script


APPLIES TO:

Oracle Database - Enterprise Edition
Generic UNIX
Generic Linux

MAIN CONTENT

PURPOSE

This script is intended to capture and restore the file permission of a given directory example - ORACLE_HOME. The script will create a output file called permission_<timestamp> and permission_<timestamp>.cmd

 

REQUIREMENTS

The script needs to be run on command prompt of Unix platform .
Perl is required to execute this script
Shell is required to run the shell script .

CONFIGURING

Download and save the script on your server as permission.pl
Provide the execute permission on the script

INSTRUCTIONS

 Run the script from the location where you have downloaded and saved it

./permission.pl <Path name to capture permission>

CAUTION

This sample code is provided for educational purposes only and not supported by Oracle Support Services. It has been tested internally, however, and works as documented. We do not guarantee that it will work for you, so be sure to test it in your environment before relying on it.

Proofread this sample code before using it! Due to the differences in the way text editors, e-mail packages and operating systems handle text formatting (spaces, tabs and carriage returns), this sample code may not be in an executable state when you first receive it. Check over the sample code to ensure that errors of this type are corrected.

Note : This script can restore permission back to the point at which it was captured. It is not intended to reset the permission.

 

SCRIPT

Execute the script from the dollar ($) prompt

Steps to capture permission of a directory

 1. Download the script from here
 2. Log in as "oracle" user
 3. copy the file to a location say /home/oracle/scripts
 4. Give execute permission

    $ chmod 755 permission.pl


 5. Execute the script to capture permission

  $ cd /home/oracle/scripts
  $ ./permission.pl <Path name to capture permission>

 

Script generates two files

a. permission-<time stamp> - This contains file permission in octal value, owner and group information of the files captured
b. restore-perm-<time stamp>.cmd - This contains command to change the permission, owner, and group of the captured files

Steps to restore captured permission of the directory

1. Give execute permission to file generated during capture

    chmod 755 restore-perm-<timestamp>.cmd

2. execute .cmd file to restore the permission and the ownership

    $ ./restore-perm-<timestamp>.cmd

 

Sample output of the script

permission-<time stamp>

755 oracle oinstall /u03/app/oracle/OraHome_11202g
750 oracle oinstall /u03/app/oracle/OraHome_11202g/root.sh
644 oracle oinstall /u03/app/oracle/OraHome_11202g/install.platform
640 oracle oinstall /u03/app/oracle/OraHome_11202g/oraInst.loc
644 oracle oinstall /u03/app/oracle/OraHome_11202g/afiedt.buf
644 oracle oinstall /u03/app/oracle/OraHome_11202g/a.out
6755 root root /u03/app/oracle/OraHome_11202g/tsh.sh
644 oracle oinstall /u03/app/oracle/OraHome_11202g/Readme.txt
640 oracle oinstall /u03/app/oracle/OraHome_11202g/oraorcl1122
644 oracle oinstall /u03/app/oracle/OraHome_11202g/SQLtraining_day1.lst
751 oracle oinstall /u03/app/oracle/OraHome_11202g/bin/hsots
751 oracle oinstall /u03/app/oracle/OraHome_11202g/bin/nid
6751 oracle oinstall /u03/app/oracle/OraHome_11202g/bin/oracle
751 oracle oinstall /u03/app/oracle/OraHome_11202g/bin/orapwd
751 oracle oinstall /u03/app/oracle/OraHome_11202g/bin/wrap
750 oracle oinstall /u03/app/oracle/OraHome_11202g/bin/grdcscan

 

 restore-perm-<time stamp>.cmd

chown  oracle:oinstall /u03/app/oracle/OraHome_11202g
chmod  755 /u03/app/oracle/OraHome_11202g
chown  oracle:oinstall /u03/app/oracle/OraHome_11202g/root.sh
chmod  750 /u03/app/oracle/OraHome_11202g/root.sh
chown  oracle:oinstall /u03/app/oracle/OraHome_11202g/install.platform
chmod  644 /u03/app/oracle/OraHome_11202g/install.platform
chown  oracle:oinstall /u03/app/oracle/OraHome_11202g/oraInst.loc
chmod  640 /u03/app/oracle/OraHome_11202g/oraInst.loc
chown  oracle:oinstall /u03/app/oracle/OraHome_11202g/afiedt.buf
chmod  644 /u03/app/oracle/OraHome_11202g/afiedt.buf
chown  oracle:oinstall /u03/app/oracle/OraHome_11202g/a.out
chmod  644 /u03/app/oracle/OraHome_11202g/a.out
chown  root:root /u03/app/oracle/OraHome_11202g/tsh.sh
chmod  6755 /u03/app/oracle/OraHome_11202g/tsh.sh
chown  oracle:oinstall /u03/app/oracle/OraHome_11202g/Readme.txt
chmod  644 /u03/app/oracle/OraHome_11202g/Readme.txt
chown  oracle:oinstall /u03/app/oracle/OraHome_11202g/oraorcl1122
chmod  640 /u03/app/oracle/OraHome_11202g/oraorcl1122
chown  oracle:oinstall /u03/app/oracle/OraHome_11202g/SQLtraining_day1.lst
chmod  644 /u03/app/oracle/OraHome_11202g/SQLtraining_day1.lst
chown  oracle:oinstall /u03/app/oracle/OraHome_11202g/bin/nid
chmod  751 /u03/app/oracle/OraHome_11202g/bin/nid
chown  oracle:oinstall /u03/app/oracle/OraHome_11202g/bin/oracle
chmod  6751 /u03/app/oracle/OraHome_11202g/bin/oracle
chown  oracle:oinstall /u03/app/oracle/OraHome_11202g/bin/orapwd
chmod  751 /u03/app/oracle/OraHome_11202g/bin/orapwd
chown  oracle:oinstall /u03/app/oracle/OraHome_11202g/bin/wrap
chmod  751 /u03/app/oracle/OraHome_11202g/bin/wrap
chown  oracle:oinstall /u03/app/oracle/OraHome_11202g/bin/grdcscan
chmod  750 /u03/app/oracle/OraHome_11202g/bin/grdcscan












小麥苗課程

小麥苗課堂開課啦,如下是現有的課程,歡迎諮詢小麥苗:


課程名稱

課時

上課時間

價格

OCP(從入門到專家)

每年1期,35課時左右/

2000-2200

1588(可優惠)

OCM認證

每年N期,9課時/

2000-2200

22888

高可用課程(rac+dg+ogg

每年1期,20課時左右/

2000-2200

1888(可優惠)

Oracle初級入門

每年1期,15課時左右/

2000-2200

800

Oracle健康檢查指令碼

可微信或微店購買。

88

Oracle資料庫技能直通車

包含如下3個課程:

①《11g OCP網路課程培訓》(面向零基礎) 價值1600

②《11g OCM網路班課程培訓》(Oracle技能合集)價值10000+

③《RAC + DG + OGG 高可用網路班課程》 價值2000

以上3個課程全部打包只要5888,只要5888所有課程帶回家,終身指導!所有課程都是線上講課,不是播放視訊,課件全部贈送!

注意:以上OCPOCM課程只包括培訓課程,不包括考試費用。OCM提供培訓+視訊,但是不提供練習環境和資料。報名一次,OCP和高可用的課程可以免費終身迴圈聽課。

5888

OCP+高可用(rac+dg+ogg

報名OCP+高可用課程,可以優惠300元,優惠後的價格為3188.

3188(可優惠)

注意:

1、每次上課前30分鐘答疑。

2、OCM實時答疑,提供和考試一樣的練習模擬環境,只要按照老師講的方式來練習,可以保證100%通過。

3、授課方式:YY語音網路直播講課(非視訊) + QQ互動答疑 + 視訊複習

4、OCP課時可以根據大家學習情況進行增加或縮減。

5、以上所有課程均可迴圈聽課。

6、12c OCM課程私聊。

7、Oracle初級入門課程,只教大家最實用+最常用的Oracle操作維護知識。

8、以上所有課程,可以加小麥苗微信(lhrbestxh)或QQ(646634621)詳聊,優惠多多。
 


培訓專案

連線地址

DB筆試面試歷史連線

http://mp.weixin.qq.com/s/Vm5PqNcDcITkOr9cQg6T7w

OCP培訓說明連線

https://mp.weixin.qq.com/s/2cymJ4xiBPtTaHu16HkiuA

OCM培訓說明連線

https://mp.weixin.qq.com/s/7-R6Cz8RcJKduVv6YlAxJA

高可用(RAC+DG+OGG)培訓說明連線

https://mp.weixin.qq.com/s/4vf042CnOdAD8zDyjUueiw

OCP最新題庫解析歷史連線(052)

http://mp.weixin.qq.com/s/bUgn4-uciSndji_pUbLZfA

微店地址

https://weidian.com/s/793741433?wfr=c&ifr=shopdetail





About Me

.............................................................................................................................................

● 本文作者:小麥苗,部分內容整理自網路,若有侵權請聯絡小麥苗刪除

● 本文在itpub(http://blog.itpub.net/26736162/abstract/1/)、部落格園(http://www.cnblogs.com/lhrbest)和個人微信公眾號(xiaomaimiaolhr)上有同步更新

● 本文itpub地址:http://blog.itpub.net/26736162/abstract/1/

● 本文部落格園地址:http://www.cnblogs.com/lhrbest

● 本文pdf版、個人簡介及小麥苗雲盤地址:http://blog.itpub.net/26736162/viewspace-1624453/

● 資料庫筆試面試題庫及解答:http://blog.itpub.net/26736162/viewspace-2134706/

● DBA寶典今日頭條號地址:http://www.toutiao.com/c/user/6401772890/#mid=1564638659405826

.............................................................................................................................................

● QQ群號:230161599(滿)、618766405

● 微信群:可加我微信,我拉大家進群,非誠勿擾

● 聯絡我請加QQ好友646634621,註明新增緣由

● 於 2018-07-01 06:00 ~ 2018-07-31 24:00 在魔都完成

● 最新修改時間:2018-07-01 06:00 ~ 2018-07-31 24:00

● 文章內容來源於小麥苗的學習筆記,部分整理自網路,若有侵權或不當之處還請諒解

● 版權所有,歡迎分享本文,轉載請保留出處

.............................................................................................................................................

小麥苗的微店https://weidian.com/s/793741433?wfr=c&ifr=shopdetail

小麥苗出版的資料庫類叢書http://blog.itpub.net/26736162/viewspace-2142121/

小麥苗OCP、OCM、高可用網路班http://blog.itpub.net/26736162/viewspace-2148098/

.............................................................................................................................................

使用微信客戶端掃描下面的二維碼來關注小麥苗的微信公眾號(xiaomaimiaolhr)及QQ群(DBA寶典)、新增小麥苗微信,學習最實用的資料庫技術。

小麥苗的微信公眾號小麥苗的DBA寶典QQ群2小麥苗的微信二維碼小麥苗的微店

   小麥苗的微信公眾號      小麥苗的DBA寶典QQ群2       小麥苗的微信二維碼          小麥苗的微店

.............................................................................................................................................

Oracle軟體許可權修復
歡迎與我聯絡





來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/26736162/viewspace-2157665/,如需轉載,請註明出處,否則將追究法律責任。

相關文章