ITPub Blog

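Permissions of the oracle executable on UNIX

Original post | Linux operating systems | Author: is.x | Date: 2011-06-22 14:18:35

The oracle executable lives in $ORACLE_HOME/bin. It has the SUID and SGID bits set; its default mode is 6751.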

oracle@sunvs-a@/oracle/oracle/product/10.2.0.1/bin $ ls -l oracle

-rwsr-s--x   1 oracle   oinstall 119033912  2 18 11:24 oracle

 

SUID and SGID are set so that a non-oracle user who runs the program does so with the privileges of the oracle user and group. The details are in man chmod. In brief:

SUID            4000

SGID           2000

Sticky bit       1000

 

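Once the SUID or SGID bit is set, the matching execute permission (u+x, g+x) must be set as well, otherwise the bit has no effect. In ls -l output the two cases are distinguished by a lowercase "s" versus an uppercase "S".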

 

SUID

If set, then replaces "x" in the owner permissions to "s", if owner has execute permissions, or to "S" otherwise. Examples:
-rws------ both owner execute and SUID are set
-r-S------ SUID is set, but owner execute is not set

SGID

If set, then replaces "x" in the group permissions to "s", if group has execute permissions, or to "S" otherwise. Examples:
-rwxrws--- both group execute and SGID are set
-rwxr-S--- SGID is set, but group execute is not set

Sticky

If set, then replaces "x" in the others permissions to "t", if others have execute permissions, or to "T" otherwise. Examples:
-rwxrwxrwt both others execute and sticky bit are set
-rwxrwxr-T sticky bit is set, but others execute is not set

 

The sticky bit is described as follows:

“When the sticky bit is turned on for a directory users can have read and/or write permissions for that directory, but they can only remove or rename files that they own. The sticky bit on a file tells the operating system that the file will be executed frequently. Files like this are kept in swap space even when they aren’t being executed. Although this takes up swap space it greatly reduces the time it takes to execute the program. Some programs such as vi have the sticky bit turned on by default on some Unixes.”

 

On UNIX systems, the /tmp directory has the sticky bit set:

 

oracle@ibmvs_a@/ $ ls -ld tmp

drwxrwxrwt   31 bin      bin           24576 Jun 22 13:27 tmp

 

If the permissions of $ORACLE_HOME/bin/oracle are changed, non-oracle users can no longer log in locally with sqlplus.

 

 

[oracle@localhost bin]$ cd $ORACLE_HOME/bin

[oracle@localhost bin]$ ls -l oracle

-rwsr-s--x 1 oracle oinstall 93362227 01-20 13:28 oracle

[oracle@localhost bin]$ chmod 777 oracle

[oracle@localhost bin]$ ls -l oracle

-rwxrwxrwx 1 oracle oinstall 93362227 01-20 13:28 oracle

 

A local login as a non-oracle user now fails with an error:

 

localhost.localdomain(jzfe)/home/jzfe>uname -a

Linux localhost.localdomain 2.6.18-164.el5 #1 SMP Tue Aug 18 15:51:54 EDT 2009 i686 i686 i386 GNU/Linux

 

localhost.localdomain(jzfe)/home/jzfe>echo $ORACLE_SID

oracle10gwk

localhost.localdomain(jzfe)/home/jzfe>id

uid=500(jzfe) gid=502(oinstall) groups=502(oinstall),503(dba)

 

localhost.localdomain(jzfe)/home/jzfe>sqlplus jzdb/jzdb

SQL*Plus: Release 10.2.0.1.0 - Production on Mon Jan 24 11:52:13 2011

Copyright (c) 1982, 2005, Oracle.  All rights reserved.

ERROR:

ORA-01034: ORACLE not available

ORA-27123: unable to attach to shared memory segment

Linux Error: 13: Permission denied

Enter user-name:

ERROR:

ORA-01017: invalid username/password; logon denied

Enter user-name:

ERROR:

ORA-01017: invalid username/password; logon denied

SP2-0157: unable to CONNECT to ORACLE after 3 attempts, exiting SQL*Plus

localhost.localdomain(jzfe)/home/jzfe>

 

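Logging in through the TNS alias still works normally. That connection goes through the listener, which starts the server process under the oracle account instead of the calling user running the oracle binary directly: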

 

localhost.localdomain(jzfe)/home/jzfe>sqlplus jzdb/jzdb@oracle10gwk

SQL*Plus: Release 10.2.0.1.0 - Production on Mon Jan 24 11:52:28 2011

Copyright (c) 1982, 2005, Oracle.  All rights reserved.

Connected to:

Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production

With the Partitioning, OLAP and Data Mining options

SQL>

SQL>

SQL> Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production

With the Partitioning, OLAP and Data Mining options

localhost.localdomain(jzfe)/home/jzfe>

localhost.localdomain(jzfe)/home/jzfe>

 

In addition, on Solaris 10 several other files in $ORACLE_HOME/bin have SUID/SGID set:

 

oracle@sunvs-a@/oracle/oracle/product/10.2.0.1/bin $ ls -l|grep ^...s

-rwsr-s--x   1 oracle   oinstall   56904  2 18 11:08 emtgtctl2

-rwsr-x---   1 root     oinstall   28832  2 18 11:25 extjob

-rwsr-s---   1 root     oinstall   15556  2 18 11:08 nmb

-rwsr-s---   1 root     oinstall   16468  2 18 11:08 nmo

-rwsr-s--x   1 oracle   oinstall 119033912  2 18 11:24 oracle

-r-sr-s---   1 root     oinstall  185304 2006   2 20 oradism
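
The notation above (6751 shown as -rwsr-s--x, lowercase "s" versus uppercase "S") can be checked mechanically. The shell sketch below is an added example, not part of the original post; sym_to_octal and audit_mode are hypothetical helper names, and the only baseline it assumes is the mode 6751 stated above for the oracle binary.

```shell
#!/bin/sh
# Added example (helper names are hypothetical, not Oracle tooling).

# sym_to_octal MODESTRING: convert the first 10 characters of an `ls -l`
# line into 4-digit octal, e.g. -rwsr-s--x -> 6751.
sym_to_octal() {
    mode=$1; special=0; digits=
    for start in 2 5 8; do                      # owner, group, others
        trip=$(printf '%s' "$mode" | cut -c"$start"-"$((start + 2))")
        d=0
        case $trip in r??) d=$((d + 4)) ;; esac
        case $trip in ?w?) d=$((d + 2)) ;; esac
        case $trip in ??[xst]) d=$((d + 1)) ;; esac   # lowercase s/t imply x
        case $start:$trip in
            2:??[sS]) special=$((special + 4)) ;;     # SUID   4000
            5:??[sS]) special=$((special + 2)) ;;     # SGID   2000
            8:??[tT]) special=$((special + 1)) ;;     # sticky 1000
        esac
        digits=$digits$d
    done
    printf '%s%s\n' "$special" "$digits"
}

# audit_mode NAME MODESTRING EXPECTED_OCTAL
# Returns 0 if the mode matches, 1 if it differs, 2 if a special bit is set
# without its execute bit (uppercase S or T, so the bit has no effect).
audit_mode() {
    got=$(sym_to_octal "$2")
    case ${2#?} in
        *[ST]*) echo "$1: $2 ($got) special bit set without execute"; return 2 ;;
    esac
    if [ "$got" != "$3" ]; then
        echo "$1: $2 ($got) differs from expected $3"; return 1
    fi
    echo "$1: $2 ($got) ok"
}

# Constructed input: the mode strings shown before and after chmod 777.
audit_mode oracle -rwsr-s--x 6751 || true
audit_mode oracle -rwxrwxrwx 6751 || true

# On a real host, audit the installed binary if ORACLE_HOME is set.
if [ -n "${ORACLE_HOME:-}" ] && [ -e "$ORACLE_HOME/bin/oracle" ]; then
    audit_mode oracle "$(ls -l "$ORACLE_HOME/bin/oracle" | cut -c1-10)" 6751 || true
fi
```

If the audit reports a difference, chmod 6751 $ORACLE_HOME/bin/oracle, run as the oracle user, puts back the default mode stated at the top of this post.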

Source: ITPUB Blog, link: http://blog.itpub.net/20750200/viewspace-700478/. If you repost this article, credit the source; otherwise legal action will be pursued.
