How to fix permission issues of Oracle RAC?

NeilZhang
NeilZhang
管理员
140
文章
106.8千
浏览
Oracle评论5,8111字数 839阅读2分47秒阅读模式

In last month, one engineer of our customers made a mistake and changed the file permissions of the whole RAC database wrongly, including GI and DB home.

Of course the clusterware could not be started again and I was called to fix this issue.

On the Oracle support website, below two notes are related with fixing GI file permission issues:

How to check and fix file permissions on Grid Infrastructure environment (Doc ID 1931142.1)

File Permission Is Set Incorrectly After Executing "rootcrs.sh -init" To Restore Grid Infrastructure Home File Permissions. (Doc ID 2346618.1)

The first one is for Oracle 12.1&12.2 and the second one is only for 12.1.

Doc ID 1931142.1 mentioned three methods and I did all of them to make sure the file permissions were fixed thoughtfully.

Plain text
Copy to clipboard
Open code in new window
EnlighterJS 3 Syntax Highlighter
#run as root (GRID_HOME is just for convenience):
export GRID_HOME=/home/app/12.2.0.1/grid
export PATH=$GRID_HOME/perl/bin:$PATH:$GRID_HOME/OPatch
$GRID_HOME/bin/crsctl stop crs
$GRID_HOME/crs/install/rootcrs.sh -unlock
$GRID_HOME/crs/install/rootcrs.sh -lock
#$GRID_HOME/crs/install/rootcrs.sh -patch -->12.1 should run this command and 12.2 does not support this option
These above two options mostaly are used for RAC database patching, and the effect is like:
$GRID_HOME/crs/install/rootcrs.sh -init
for single instance GI (Oracle Restart):
$GRID_HOME/crs/install/roothas.sh -init
For 11.2,need to replace rootcrs.sh/roothas.sh with rootcrs.pl/roothas.pl
As the default Perl in the system maybe is not compatiable with the Oracle perl script, so the recommended way to run them is as below:
$GRID_HOME/perl/bin/perl rootcrs.pl
#run as root (GRID_HOME is just for convenience): export GRID_HOME=/home/app/12.2.0.1/grid export PATH=$GRID_HOME/perl/bin:$PATH:$GRID_HOME/OPatch $GRID_HOME/bin/crsctl stop crs $GRID_HOME/crs/install/rootcrs.sh -unlock $GRID_HOME/crs/install/rootcrs.sh -lock #$GRID_HOME/crs/install/rootcrs.sh -patch -->12.1 should run this command and 12.2 does not support this option These above two options mostaly are used for RAC database patching, and the effect is like: $GRID_HOME/crs/install/rootcrs.sh -init for single instance GI (Oracle Restart): $GRID_HOME/crs/install/roothas.sh -init For 11.2,need to replace rootcrs.sh/roothas.sh with rootcrs.pl/roothas.pl As the default Perl in the system maybe is not compatiable with the Oracle perl script, so the recommended way to run them is as below: $GRID_HOME/perl/bin/perl rootcrs.pl
  1. #run as root (GRID_HOME is just for convenience):
  2. export GRID_HOME=/home/app/12.2.0.1/grid
  3. export PATH=$GRID_HOME/perl/bin:$PATH:$GRID_HOME/OPatch
  4. $GRID_HOME/bin/crsctl stop crs
  5. $GRID_HOME/crs/install/rootcrs.sh -unlock
  6. $GRID_HOME/crs/install/rootcrs.sh -lock
  7. #$GRID_HOME/crs/install/rootcrs.sh -patch -->12.1 should run this command and 12.2 does not support this option
  8. These above two options mostaly are used for RAC database patching, and the effect is like:
  9. $GRID_HOME/crs/install/rootcrs.sh -init
  10. for single instance GI (Oracle Restart):
  11. $GRID_HOME/crs/install/roothas.sh -init
  12. For 11.2need to replace rootcrs.sh/roothas.sh with rootcrs.pl/roothas.pl
  13. As the default Perl in the system maybe is not compatiable with the Oracle perl script, so the recommended way to run them is as below:
  14. $GRID_HOME/perl/bin/perl rootcrs.pl

There is a bug for Oracle 12.1, so maybe have to run below part separately:

Plain text
Copy to clipboard
Open code in new window
EnlighterJS 3 Syntax Highlighter
add x permission to following files under GI ORACLE_HOME
# chmod +x $GRID_HOME/bin/crs*
# chmod +x $GRID_HOME/crs/install/rootcrs.sh
run rootcrs.sh
# cd $GRID_HOME/crs/install
# rootcrs.sh -patch
add x permission to following files under GI ORACLE_HOME # chmod +x $GRID_HOME/bin/crs* # chmod +x $GRID_HOME/crs/install/rootcrs.sh run rootcrs.sh # cd $GRID_HOME/crs/install # rootcrs.sh -patch
  1. add x permission to following files under GI ORACLE_HOME
  2. # chmod +x $GRID_HOME/bin/crs*
  3. # chmod +x $GRID_HOME/crs/install/rootcrs.sh
  4. run rootcrs.sh
  5. # cd $GRID_HOME/crs/install
  6. # rootcrs.sh -patch

After the above fix, the clusterware could be started while the cluvfy command still showed lots of errors:

Plain text
Copy to clipboard
Open code in new window
EnlighterJS 3 Syntax Highlighter
#run as grid user:
cluvfy comp software -n $(hostname) -verbose
#run as grid user: cluvfy comp software -n $(hostname) -verbose
  1. #run as grid user:
  2. cluvfy comp software -n $(hostname) -verbose

Next continued to fix left issues according to the kept permission files under $GRID_HOME/crs/utl/$(hostname):

Plain text
Copy to clipboard
Open code in new window
EnlighterJS 3 Syntax Highlighter
cat crsconfig_dirs|grep -E '(^all|^unix)'|grep -v "$GRID_HOME/racg/usrco"|while read unused fname owner group permission; do
chown $owner:$group $fname || echo failed on $fname
chmod $permission $fname || echo failed on $fname
done
chmod 755 $GRID_HOME/racg/usrco
cat crsconfig_fileperms|grep -E '(^all|^unix)'|while read unused fname owner group permission; do
chown $owner:$group $fname || echo failed on $fname
chmod $permission $fname || echo failed on $fname
done
cat crsconfig_dirs|grep -E '(^all|^unix)'|grep -v "$GRID_HOME/racg/usrco"|while read unused fname owner group permission; do chown $owner:$group $fname || echo failed on $fname chmod $permission $fname || echo failed on $fname done chmod 755 $GRID_HOME/racg/usrco cat crsconfig_fileperms|grep -E '(^all|^unix)'|while read unused fname owner group permission; do chown $owner:$group $fname || echo failed on $fname chmod $permission $fname || echo failed on $fname done
  1. cat crsconfig_dirs|grep -E '(^all|^unix)'|grep -v "$GRID_HOME/racg/usrco"|while read unused fname owner group permission; do
  2. chown $owner:$group $fname || echo failed on $fname
  3. chmod $permission $fname || echo failed on $fname
  4. done
  5. chmod 755 $GRID_HOME/racg/usrco
  6.  
  7. cat crsconfig_fileperms|grep -E '(^all|^unix)'|while read unused fname owner group permission; do
  8. chown $owner:$group $fname || echo failed on $fname
  9. chmod $permission $fname || echo failed on $fname
  10. done

Then verified the permission issue again but still got some errors, so had to fix the last part according to the output result:

Plain text
Copy to clipboard
Open code in new window
EnlighterJS 3 Syntax Highlighter
#run as grid user
cluvfy comp software -n $(hostname) -verbose |grep 'PRVG-2033.*did not match the expected'|awk -F\" '{print $2" "$6}' > /tmp/grid.perm
#run as root user:
cat /tmp/grid.perm|while read fname permission; do
chmod $permission $fname || echo failed on $fname
done
#run as grid user cluvfy comp software -n $(hostname) -verbose |grep 'PRVG-2033.*did not match the expected'|awk -F\" '{print $2" "$6}' > /tmp/grid.perm #run as root user: cat /tmp/grid.perm|while read fname permission; do chmod $permission $fname || echo failed on $fname done
  1. #run as grid user
  2. cluvfy comp software -n $(hostname) -verbose |grep 'PRVG-2033.*did not match the expected'|awk -F\" '{print $2" "$6}' > /tmp/grid.perm
  3. #run as root user:
  4. cat /tmp/grid.perm|while read fname permission; do
  5. chmod $permission $fname || echo failed on $fname
  6. done

This time the cluvfy command run successfully.

And double checked one critical file:

Plain text
Copy to clipboard
Open code in new window
EnlighterJS 3 Syntax Highlighter
ls -l $GRID_HOME/bin/oracle
-rwsr-s--x 1 grid oinstall 373913824 Dec 24 2019 /home/app/12.2.0.1/grid/bin/oracle
#If the result is different, then correct it using root user:
chown grid:oinstall $GRID_HOME/bin/oracle
chmod 6751 $GRID_HOME/bin/oracle
ls -l $GRID_HOME/bin/oracle -rwsr-s--x 1 grid oinstall 373913824 Dec 24 2019 /home/app/12.2.0.1/grid/bin/oracle #If the result is different, then correct it using root user: chown grid:oinstall $GRID_HOME/bin/oracle chmod 6751 $GRID_HOME/bin/oracle
  1. ls -l $GRID_HOME/bin/oracle
  2. -rwsr-s--x 1 grid oinstall 373913824 Dec 24 2019 /home/app/12.2.0.1/grid/bin/oracle
  3. #If the result is different, then correct it using root user:
  4. chown grid:oinstall $GRID_HOME/bin/oracle
  5. chmod 6751 $GRID_HOME/bin/oracle

Then went to fix the Oracle database home file permissions and I could not find similar ways to fix the permissions directly.

Oracle provided a perl script to duplicate permissions of a normal Oracle home and apply them on the target directory.

Script to capture and restore file permission in a directory (for eg. ORACLE_HOME) (Doc ID 1515018.1)

And below one for reference:

Oracle 11gR2 GI和DB安装目录权限属主被修改后的恢复方法

While the perl script did not work on the customer environment, so I finished the same thing using below commands:

Plain text
Copy to clipboard
Open code in new window
EnlighterJS 3 Syntax Highlighter
#On the normal database, run as root:
cd $ORACLE_HOME
find . -type d -exec stat -c "%n %U %G %a" {} \; > /tmp/orahome.dir
find . -type f -exec stat -c "%n %U %G %a" {} \; > /tmp/orahome.file
#On the target database, run as root:
cd $ORACLE_HOME
cat /tmp/orahome.dir|while read fname owner group permission; do
[[ -d $fname ]] && { chown $owner:$group $fname || echo failed on $fname; }
[[ -d $fname ]] && { chmod $permission $fname || echo failed on $fname; }
done
cat /tmp/orahome.file|while read fname owner group permission; do
[[ -f $fname ]] && { chown $owner:$group $fname || echo failed on $fname; }
[[ -f $fname ]] && { chmod $permission $fname || echo failed on $fname; }
done
#On the normal database, run as root: cd $ORACLE_HOME find . -type d -exec stat -c "%n %U %G %a" {} \; > /tmp/orahome.dir find . -type f -exec stat -c "%n %U %G %a" {} \; > /tmp/orahome.file #On the target database, run as root: cd $ORACLE_HOME cat /tmp/orahome.dir|while read fname owner group permission; do [[ -d $fname ]] && { chown $owner:$group $fname || echo failed on $fname; } [[ -d $fname ]] && { chmod $permission $fname || echo failed on $fname; } done cat /tmp/orahome.file|while read fname owner group permission; do [[ -f $fname ]] && { chown $owner:$group $fname || echo failed on $fname; } [[ -f $fname ]] && { chmod $permission $fname || echo failed on $fname; } done
  1. #On the normal database, run as root:
  2. cd $ORACLE_HOME
  3. find . -type d -exec stat -c "%n %U %G %a" {} \; > /tmp/orahome.dir
  4. find . -type f -exec stat -c "%n %U %G %a" {} \; > /tmp/orahome.file
  5.  
  6. #On the target database, run as root:
  7. cd $ORACLE_HOME
  8. cat /tmp/orahome.dir|while read fname owner group permission; do
  9. [[ -d $fname ]] && { chown $owner:$group $fname || echo failed on $fname; }
  10. [[ -d $fname ]] && { chmod $permission $fname || echo failed on $fname; }
  11. done
  12.  
  13. cat /tmp/orahome.file|while read fname owner group permission; do
  14. [[ -f $fname ]] && { chown $owner:$group $fname || echo failed on $fname; }
  15. [[ -f $fname ]] && { chmod $permission $fname || echo failed on $fname; }
  16. done

And double checked below critical file:

Plain text
Copy to clipboard
Open code in new window
EnlighterJS 3 Syntax Highlighter
ls -l $ORACLE_HOME/bin/oracle
-rwsr-s--x 1 oracle asmadmin 409357968 May 27 07:18 /home/app/oracle/product/12.2.0.1/db1/bin/oracle
#If it is different, then correct it using root user
chown oracle:asmadmin $ORACLE_HOME/bin/oracle
chmod 6751 $ORACLE_HOME/bin/oracle
ls -l $ORACLE_HOME/bin/oracle -rwsr-s--x 1 oracle asmadmin 409357968 May 27 07:18 /home/app/oracle/product/12.2.0.1/db1/bin/oracle #If it is different, then correct it using root user chown oracle:asmadmin $ORACLE_HOME/bin/oracle chmod 6751 $ORACLE_HOME/bin/oracle
  1. ls -l $ORACLE_HOME/bin/oracle
  2. -rwsr-s--x 1 oracle asmadmin 409357968 May 27 07:18 /home/app/oracle/product/12.2.0.1/db1/bin/oracle
  3. #If it is different, then correct it using root user
  4. chown oracle:asmadmin $ORACLE_HOME/bin/oracle
  5. chmod 6751 $ORACLE_HOME/bin/oracle

Then the whole cluster worked well.

 
  • 本文由 NeilZhang 发表于10/11/2020 15:29:27
  • Repost please keep this link: https://www.dbcloudsvc.com/blogs/oracle/how-to-fix-permission-issues-of-oracle-rac/
匿名

发表评论

匿名网友
:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:
确定