OPMN Fail Star HTT Serv 10g Aft Chan apachectl Root Ownersh 6750 Permis_735023.1

rongshiyuan發表於2014-07-13
AIApache

OPMN Fails to Start Oracle HTTP Server 10g After Changing 'apachectl' to Root Ownership and 6750 Permissions (Doc ID 735023.1)


In this Document

Symptoms
Changes
Cause
Solution
References

Applies to:

Oracle Fusion Middleware - Version 9.0.4.0.0 to 10.1.4.3.0 [Release AS10g to AS10gR3]
Oracle HTTP Server - Version 9.0.4.0.1 to 10.1.3.5.0 [Release AS10g to AS10gR3]
Information in this document applies to any platform.
Except the MS Windows platform.
Checked for relevance on 24-Jul-2013

Symptoms

Oracle HTTP Server, residing on a Unix platform, fails to start using OPMN. For example, OPMN reports the generic error

opmnctl startall
opmnctl: starting opmn and all managed processes...
================================================================================
opmn id=oradb:6200
0 of 1 processes started.

ias-instance id=infra.oracle.com
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
ias-component/process-type/process-set:
HTTP_Server/HTTP_Server/HTTP_Server

Error
--&gt Process (pid=24042)
Failed to start a managed process after the maximum retry limit Log::
/opt/oracle/infra/opmn/logs/HTTP_Server~1


The HTTP_Server~1 OPMN log file just reports that the HTTP Server has been started, but there are actually no httpd processes present on the system.

There is also nothing written to the $ORACLE_HOME/apache/apache/logs directory even when HTTP Server logLevel is set to debug. 

Furthermore there are no core / segmentation fault files created.

Changes

In order for the HTTP Server to listen on ports < 1024 e.g 80 and 443 the ownership and permissions of the Oracle HTTP Server binary - '.apachectl' - have been changed as follows:

chown root .apachectl
chmod 6750 .apachectl

If the ownership and permissions of this binary are reverted back to the default settings HTTP Server starts up fine using OPMN.

Cause

The problem is caused by an underlying problem with the suid functionality at the unix / operating system level. For example to prove whether or not this is the cause, try this simple test.

Logged in as oracle create a simple shell script file and run it as follows:

cd /tmp
vi hello
echo hello
chmod 750 hello
./hello

Now switch to root

su root
[Enter root password]
chown root hello
chmod 6750 hello
[Log out as root so you are back as oracle user]
./hello

If you now see a permissions denied error the suid bit is not working.  This is the underlying problem to which OPMN is falling victim when it attempts to execute '.apachectl start' behind the scenes.

Solution

The underlying cause needs to be addressed by the Unix administrator or vendor. It could be, for example, that the disk hosting the Oracle HTTP Server has been mounted with the nosuid setting. See issue discussed in referenced note below.

One possible work-around is to change .apachectl to belong to another group - such as the generic one users (rather than have the file belong to the oracle group - typically called 'oinstall') e.g

chown root:users .apachectl
chmod 6750 .apachectl

References

NOTE:274009.1 - Cannot Start Oracle HTTP Server on Privileged Port (80/443) on Solaris 9
NOTE:744393.1 - SSL Enabled HTTP Server on Linux Intermittently Core Dumps Immediately After OPMN Startup

來自 “ ITPUB部落格 ” ,連結:http://blog.itpub.net/17252115/viewspace-1217896/,如需轉載,請註明出處,否則將追究法律責任。

相關文章