
Oracle RAC GI Permissions: How to Check and Repair Them

Original 楚枫默寒 2024-11-01


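Permissions in an Oracle RAC environment are fairly complex. If a mistaken operation leaves directories or files with incorrect permissions, GI (Grid Infrastructure) is affected: common symptoms are crsctl showing resources as UNKNOWN, or srvctl being unable to control resources, so that they can only be operated with SQL commands. Oracle provides simpler ways to correct GI permissions.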

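Contents

Method 1: the cluvfy tool

Method 2: the permission.pl script

Method 3: setting ACL permissions with setfacl/getfacl

Appendix 1: Directory and file permissions in a RAC environment

Appendix 2: Directory permissions for a single instance

Appendix 3: Backup script

Method 1: the cluvfy tool

1 Verify GI permissions with the cluvfy tool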

[root@TEST01 ~]# su - grid
[grid@TEST01 ~]$ cluvfy comp software -n all -verbose
 
验证 软件 
 
检查: 软件
 
  1178 个文件已验证                         
 
软件检查通过
 
软件 的验证成功。
[grid@TEST01 ~]$


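2 Verify GI permissions against the installation files

During GI installation, the expected permissions are all saved in the following 2 files; the current permissions can be compared against them.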

[grid@TEST01 ~]$ cd $ORACLE_HOME/crs/utl
 
[grid@TEST01 utl]$ pwd
/app/11.2.0/grid/crs/utl
 
[grid@TEST01 utl]$ ll crsconfig_*
-rw-r--r-- 1 root root  7973 7   1 2020 crsconfig_dirs
-rw-r--r-- 1 root root 12147 7   1 2020 crsconfig_fileperms
-rw-r--r-- 1 root root 11028 7   1 2020 crsconfig_files
[grid@TEST01 utl]$

crsconfig_dirs: this file records every directory in CRS and its permissions.

[grid@TEST01 ~]$ cat /app/11.2.0/grid/crs/utl/crsconfig_dirs
# Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.
# The values in each line use the following format:
#
# OSLIST DIRNAME OWNER GROUP CLOSED-PERMS OPEN-PERMS
#
# Note:
# 1) OSLIST is a comma-separated list of platforms on which the directory
#    needs to be created.  'all' indicates that the directory needs to be
#    created on every platform.  OSLIST MUST NOT contain whitespace.
# 2) Permissions need to be specified AS OCTAL NUMBERS.  If permissions are
#    not specified, default (umask) values will be used.
#
# TBD: OPEN-PERMS need to be added for each dir
 
all /app/11.2.0/grid/cdata grid oinstall 0775
all /app/11.2.0/grid/cdata/olenwms-cluster grid oinstall 0775
all /app/11.2.0/grid/cfgtoollogs grid oinstall 0775
all /app/11.2.0/grid/cfgtoollogs/crsconfig grid oinstall 0775
all /app/11.2.0/grid/log grid oinstall 0775
all /app/11.2.0/grid/log/TEST01 root oinstall 01755
all /app/11.2.0/grid/log/TEST01/crsd root oinstall 0750
all /app/11.2.0/grid/log/TEST01/ctssd root oinstall 0750
all /app/11.2.0/grid/log/TEST01/evmd grid oinstall 0750
all /app/11.2.0/grid/log/TEST01/cssd grid oinstall 0750
all /app/11.2.0/grid/log/TEST01/mdnsd grid oinstall 0750
all /app/11.2.0/grid/log/TEST01/gpnpd grid oinstall 0750
all /app/11.2.0/grid/log/TEST01/gnsd root oinstall 0750
all /app/11.2.0/grid/log/TEST01/srvm grid oinstall 0750
all /app/11.2.0/grid/log/TEST01/gipcd grid oinstall 0750
all /app/11.2.0/grid/log/TEST01/diskmon grid oinstall 0750
all /app/11.2.0/grid/log/TEST01/cvu grid oinstall 0750
all /app/11.2.0/grid/log/TEST01/cvu/cvulog grid oinstall 0750
all /app/11.2.0/grid/log/TEST01/cvu/cvutrc grid oinstall 0750
all /app/11.2.0/grid/log/TEST01/acfssec root oinstall 0755
all /app/11.2.0/grid/log/TEST01/acfsrepl grid oinstall 0750
all /app/11.2.0/grid/log/TEST01/acfslog grid oinstall 0750
all /app/11.2.0/grid/cdata/localhost grid oinstall 0755
all /app/11.2.0/grid/cdata/TEST01 grid oinstall 0755
all /app/11.2.0/grid/cv grid oinstall 0775
all /app/11.2.0/grid/cv/log grid oinstall 0775
all /app/11.2.0/grid/cv/init grid oinstall 0775
all /app/11.2.0/grid/cv/report grid oinstall 0775
all /app/11.2.0/grid/cv/report/html grid oinstall 0775
all /app/11.2.0/grid/cv/report/text grid oinstall 0775
all /app/11.2.0/grid/cv/report/xml grid oinstall 0775
 
# These dirs must be owned by crsuser in SIHA, and $SUPERUSER in cluster env.
# 'HAS_USER' is set appropriately in roothas.pl and rootcrs.pl for this
# purpose
all /app/11.2.0/grid/log/TEST01/ohasd root oinstall 0750
all /app/11.2.0/grid/lib root oinstall 0755
all /app/11.2.0/grid/bin root oinstall 0755
 
all /app/11.2.0/grid/log/TEST01/agent root oinstall 01775
all /app/11.2.0/grid/log/TEST01/agent/crsd root oinstall 01777
all /app/11.2.0/grid/log/TEST01/agent/ohasd root oinstall 01775
all /app/11.2.0/grid/log/TEST01/client grid oinstall 01777
all /app/11.2.0/grid/log/TEST01/racg grid oinstall 01775
all /app/11.2.0/grid/log/TEST01/racg/racgmain grid oinstall 01777
all /app/11.2.0/grid/log/TEST01/racg/racgeut grid oinstall 01777
all /app/11.2.0/grid/log/TEST01/racg/racgevtf grid oinstall 01777
all /app/11.2.0/grid/log/TEST01/admin grid oinstall 0750
all /app/11.2.0/grid/log/diag/clients grid asmadmin 01770
all /app/11.2.0/grid/evm grid oinstall 0750
all /app/11.2.0/grid/evm/init grid oinstall 0750
all /app/11.2.0/grid/auth/evm/TEST01 root oinstall 01777
all /app/11.2.0/grid/evm/log grid oinstall 01770
all /app/11.2.0/grid/eons/init grid oinstall 0750
all /app/11.2.0/grid/auth/ohasd/TEST01 root oinstall 01777
all /app/11.2.0/grid/mdns grid oinstall 0750
all /app/11.2.0/grid/mdns/init grid oinstall 0750
all /app/11.2.0/grid/gipc grid oinstall 0750
all /app/11.2.0/grid/gipc/init grid oinstall 0750
all /app/11.2.0/grid/gnsd root oinstall 0750
all /app/11.2.0/grid/gnsd/init root oinstall 0750
all /app/11.2.0/grid/gpnp grid oinstall 0750
all /app/11.2.0/grid/gpnp/init grid oinstall 0750
all /app/11.2.0/grid/ohasd grid oinstall 0750
all /app/11.2.0/grid/ohasd/init grid oinstall 0750
all /app/11.2.0/grid/gpnp grid oinstall 0750
all /app/11.2.0/grid/gpnp/profiles grid oinstall 0750
all /app/11.2.0/grid/gpnp/profiles/peer grid oinstall 0750
all /app/11.2.0/grid/gpnp/wallets grid oinstall 01750
all /app/11.2.0/grid/gpnp/wallets/root grid oinstall 01700
all /app/11.2.0/grid/gpnp/wallets/prdr grid oinstall 01750
all /app/11.2.0/grid/gpnp/wallets/peer grid oinstall 01700
all /app/11.2.0/grid/gpnp/wallets/pa grid oinstall 01700
all /app/11.2.0/grid/mdns grid oinstall 0750
all /app/11.2.0/grid/gpnp grid oinstall 0750
all /app/11.2.0/grid/gpnp/TEST01/profiles grid oinstall 0750
all /app/11.2.0/grid/gpnp/TEST01/profiles/peer grid oinstall 0750
all /app/11.2.0/grid/gpnp/TEST01/wallets grid oinstall 01750
all /app/11.2.0/grid/gpnp/TEST01/wallets/root grid oinstall 01700
all /app/11.2.0/grid/gpnp/TEST01/wallets/prdr grid oinstall 01750
all /app/11.2.0/grid/gpnp/TEST01/wallets/peer grid oinstall 01700
all /app/11.2.0/grid/gpnp/TEST01/wallets/pa grid oinstall 01700
all /app/11.2.0/grid/css grid oinstall 0711
all /app/11.2.0/grid/css/init grid oinstall 0711
all /app/11.2.0/grid/css/log grid oinstall 0711
all /app/11.2.0/grid/auth/css/TEST01 root oinstall 01777
all /app/11.2.0/grid/crs root oinstall 0755
all /app/11.2.0/grid/crs/init root oinstall 0755
all /app/11.2.0/grid/crs/profile root oinstall 0755
all /app/11.2.0/grid/crs/script root oinstall 0755
all /app/11.2.0/grid/crs/template root oinstall 0755
all /app/11.2.0/grid/auth/crs/TEST01 root oinstall 01777
all /app/11.2.0/grid/crs/log grid oinstall 01750
all /app/11.2.0/grid/crs/trace grid oinstall 01750
all /app/11.2.0/grid/crs/public grid oinstall 01777
all /app/11.2.0/grid/ctss root oinstall 0755
all /app/11.2.0/grid/ctss/init root oinstall 0755
all /app/11.2.0/grid/racg/usrco grid oinstall
all /app/11.2.0/grid/racg/dump grid oinstall 0775
all /app/11.2.0/grid/srvm/admin grid oinstall 0775
all /app/11.2.0/grid/srvm/log grid oinstall 0775
all /app/11.2.0/grid/evm/admin/conf grid oinstall 0750
all /app/11.2.0/grid/evm/admin/logger grid oinstall 0750
all /app/11.2.0/grid/crf root oinstall 0750
all /app/11.2.0/grid/crf/admin root oinstall 0750
all /app/11.2.0/grid/crf/admin/run grid oinstall 0750
all /app/11.2.0/grid/crf/admin/run/crfmond root oinstall 0700
all /app/11.2.0/grid/crf/admin/run/crflogd root oinstall 0700
all /app/11.2.0/grid/crf/db root oinstall 0750
all /app/11.2.0/grid/crf/db/TEST01 root oinstall 0750
all /app/11.2.0/grid/osysmond root oinstall 0755
all /app/11.2.0/grid/osysmond/init root oinstall 0755
all /app/11.2.0/grid/ologgerd root oinstall 0755
all /app/11.2.0/grid/ologgerd/init root oinstall 0755
all /app/11.2.0/grid/log/TEST01/crfmond root oinstall 0750
all /app/11.2.0/grid/log/TEST01/crflogd root oinstall 0750
 
unix /etc/oracle/oprocd root oinstall 0775
unix /etc/oracle/oprocd/check root oinstall 0770
unix /etc/oracle/oprocd/stop root oinstall 0770
unix /etc/oracle/oprocd/fatal root oinstall 0770
unix /etc/oracle/scls_scr root oinstall 0755
unix /etc/oracle/scls_scr/TEST01 root oinstall 0755
unix /var/tmp/.oracle root oinstall 01777
unix /tmp/.oracle root oinstall 01777
unix /app/11.2.0/grid/log/TEST01/acfsreplroot root oinstall 0750
# create $ID, if it doesn't exist (applicable only in dev env)
unix /etc/init.d root root 0755
unix /app/11.2.0/grid root oinstall 0755

# Last Gasp files directory - change "unix" to "all"
# once Windows makes a directory decision.
unix /etc/oracle/lastgasp root oinstall 0770
unix /etc/rc.d/rc0.d root root 0755
unix /etc/rc.d/rc1.d root root 0755
unix /etc/rc.d/rc2.d root root 0755
unix /etc/rc.d/rc3.d root root 0755
unix /etc/rc.d/rc4.d root root 0755
unix /etc/rc.d/rc5.d root root 0755
unix /etc/rc.d/rc6.d root root 0755
[grid@TEST01 ~]$
crsconfig_fileperms: this file lists every file in GI and its permissions.

[grid@TEST01 ~]$ cat /app/11.2.0/grid/crs/utl/crsconfig_fileperms
# Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved.
# The values in each line use the following format:
#
# OSLIST FILENAME OWNER GROUP PERMS
#
# Note:
# 1) OSLIST is a comma-separated list of platforms on which the file
#    permissions need to be set.  'all' indicates that the directory needs
#    to be created on every platform.  OSLIST MUST NOT contain whitespace.
# 2) Permissions need to be specified AS OCTAL NUMBERS.  If permissions
#    are not specified, default (umask) values will be used.
# 3) The fields within each line of this file must be delimited by a single space
#
unix /app/11.2.0/grid/log/TEST01/alertTEST01.log grid oinstall 0664
unix /app/11.2.0/grid/bin/usrvip root oinstall 0755
unix /app/11.2.0/grid/bin/appvipcfg root oinstall 0755
unix /app/11.2.0/grid/crs/install/preupdate.sh grid oinstall 0755
unix /app/11.2.0/grid/crs/install/s_crsconfig_defs grid oinstall 0755
unix /app/11.2.0/grid/bin/cluutil grid oinstall 0755
unix /app/11.2.0/grid/bin/ocrcheck root oinstall 0755
unix /app/11.2.0/grid/bin/ocrcheck.bin root oinstall 0755
unix /app/11.2.0/grid/bin/ocrconfig root oinstall 0755
unix /app/11.2.0/grid/bin/ocrconfig.bin root oinstall 0755
unix /app/11.2.0/grid/bin/ocrdump root oinstall 0755
unix /app/11.2.0/grid/bin/ocrdump.bin root oinstall 0755
unix /app/11.2.0/grid/bin/ocrpatch root oinstall 0755
unix /app/11.2.0/grid/bin/appagent grid oinstall 0755
unix /app/11.2.0/grid/bin/clssproxy grid oinstall 0755
unix /app/11.2.0/grid/bin/cssvfupgd root oinstall 0755
unix /app/11.2.0/grid/bin/cssvfupgd.bin root oinstall 0755
unix /app/11.2.0/grid/bin/racgwrap grid oinstall 0755
unix /app/11.2.0/grid/bin/cemutls grid oinstall 0755
unix /app/11.2.0/grid/bin/cemutlo grid oinstall 0755
unix /app/11.2.0/grid/bin/crs_getperm grid oinstall 0755
unix /app/11.2.0/grid/bin/crs_profile grid oinstall 0755
unix /app/11.2.0/grid/bin/crs_register grid oinstall 0755
unix /app/11.2.0/grid/bin/crs_relocate grid oinstall 0755
unix /app/11.2.0/grid/bin/crs_setperm grid oinstall 0755
unix /app/11.2.0/grid/bin/crs_start grid oinstall 0755
unix /app/11.2.0/grid/bin/crs_stat grid oinstall 0755
unix /app/11.2.0/grid/bin/crs_stop grid oinstall 0755
unix /app/11.2.0/grid/bin/crs_unregister grid oinstall 0755
unix /app/11.2.0/grid/bin/gipcd grid oinstall 0755
unix /app/11.2.0/grid/bin/mdnsd grid oinstall 0755
unix /app/11.2.0/grid/bin/gpnpd grid oinstall 0755
unix /app/11.2.0/grid/bin/gpnptool grid oinstall 0755
unix /app/11.2.0/grid/bin/oranetmonitor grid oinstall 0755
unix /app/11.2.0/grid/bin/rdtool grid oinstall 0755
unix /app/11.2.0/grid/bin/octssd root oinstall 0741
unix /app/11.2.0/grid/bin/octssd.bin root oinstall 0741
unix /app/11.2.0/grid/bin/ohasd root oinstall 0741
unix /app/11.2.0/grid/bin/ohasd.bin root oinstall 0741
unix /app/11.2.0/grid/bin/crsd root oinstall 0741
unix /app/11.2.0/grid/bin/crsd.bin root oinstall 0741
unix /app/11.2.0/grid/bin/evmd grid oinstall 0755
unix /app/11.2.0/grid/bin/evminfo grid oinstall 0755
unix /app/11.2.0/grid/bin/evmlogger grid oinstall 0755
unix /app/11.2.0/grid/bin/evmmkbin grid oinstall 0755
unix /app/11.2.0/grid/bin/evmmklib grid oinstall 0755
unix /app/11.2.0/grid/bin/evmpost grid oinstall 0755
unix /app/11.2.0/grid/bin/evmshow grid oinstall 0755
unix /app/11.2.0/grid/bin/evmsort grid oinstall 0755
unix /app/11.2.0/grid/bin/evmwatch grid oinstall 0755
unix /app/11.2.0/grid/bin/lsnodes grid oinstall 0755
unix /app/11.2.0/grid/bin/oifcfg grid oinstall 0755
unix /app/11.2.0/grid/bin/olsnodes grid oinstall 0755
unix /app/11.2.0/grid/bin/oraagent grid oinstall 0755
unix /app/11.2.0/grid/bin/orarootagent root oinstall 0741
unix /app/11.2.0/grid/bin/orarootagent.bin root oinstall 0741
unix /app/11.2.0/grid/bin/scriptagent grid oinstall 0755
unix /app/11.2.0/grid/bin/lsdb grid oinstall 0755
unix /app/11.2.0/grid/bin/emcrsp grid oinstall 0755
unix /app/11.2.0/grid/bin/onsctl grid oinstall 0755
unix /app/11.2.0/grid/crs/install/onsconfig grid oinstall 0554
unix /app/11.2.0/grid/bin/gnsd root oinstall 0741
unix /app/11.2.0/grid/bin/gnsd.bin root oinstall 0741
unix /app/11.2.0/grid/bin/gsd.sh grid oinstall 0755
unix /app/11.2.0/grid/bin/gsdctl grid oinstall 0755
unix /app/11.2.0/grid/bin/scrctl grid oinstall 0750
unix /app/11.2.0/grid/bin/vipca grid oinstall 0755
unix /app/11.2.0/grid/bin/oc4jctl grid oinstall 0755
unix /app/11.2.0/grid/bin/cvures grid oinstall 0755
unix /app/11.2.0/grid/bin/odnsd grid oinstall 0755
unix /app/11.2.0/grid/bin/qosctl grid oinstall 0755
unix /app/11.2.0/grid/crs/install/cmdllroot.sh grid oinstall 0755
unix /app/11.2.0/grid/crs/utl/rootdelete.sh root root 0755
unix /app/11.2.0/grid/crs/utl/rootdeletenode.sh root root 0755
unix /app/11.2.0/grid/crs/utl/rootdeinstall.sh root root 0755
unix /app/11.2.0/grid/crs/utl/rootaddnode.sh root root 0755
unix /app/11.2.0/grid/lib/libskgxpcompat.so grid oinstall 0644
all /app/11.2.0/grid/log/TEST01/client/olsnodes.log grid oinstall 0666
all /app/11.2.0/grid/log/TEST01/client/oifcfg.log grid oinstall 0666
unix /app/11.2.0/grid/bin/srvctl root oinstall 0755
unix /app/11.2.0/grid/bin/cluvfy root oinstall 0755
unix /app/11.2.0/grid/bin/clsecho root oinstall 0755
unix /app/11.2.0/grid/bin/clsecho.bin root oinstall 0755
unix /app/11.2.0/grid/bin/clscfg root oinstall 0755
unix /app/11.2.0/grid/bin/clscfg.bin root oinstall 0755
unix /app/11.2.0/grid/bin/clsfmt root oinstall 0755
unix /app/11.2.0/grid/bin/clsfmt.bin root oinstall 0755
unix /app/11.2.0/grid/bin/clsid grid oinstall 0755
unix /app/11.2.0/grid/bin/crsctl root oinstall 0755
unix /app/11.2.0/grid/bin/crsctl.bin root oinstall 0755
unix /app/11.2.0/grid/bin/ndfnceca grid oinstall 0750
unix /app/11.2.0/grid/bin/oclskd root oinstall 0755
unix /app/11.2.0/grid/bin/oclskd.bin root oinstall 0751
unix /app/11.2.0/grid/bin/oclsomon grid oinstall 0755
unix /app/11.2.0/grid/bin/oclsvmon grid oinstall 0755
unix /app/11.2.0/grid/bin/ocssd grid oinstall 0755
unix /app/11.2.0/grid/bin/cssdagent root oinstall 0741
unix /app/11.2.0/grid/bin/cssdagent.bin root oinstall 0741
unix /app/11.2.0/grid/bin/cssdmonitor root oinstall 0741
unix /app/11.2.0/grid/bin/cssdmonitor.bin root oinstall 0741
unix /app/11.2.0/grid/bin/diskmon root oinstall 0741
unix /app/11.2.0/grid/bin/diskmon.bin root oinstall 0741
unix /app/11.2.0/grid/bin/diagcollection.sh root oinstall 0755
unix /app/11.2.0/grid/bin/oradnssd grid oinstall 0755
unix /app/11.2.0/grid/bin/oradnssd.bin grid oinstall 0755
unix /app/11.2.0/grid/bin/setasmgidwrap grid oinstall 0755
unix /app/11.2.0/grid/bin/oclumon root oinstall 0750
unix /app/11.2.0/grid/bin/oclumon.bin root oinstall 0750
unix /app/11.2.0/grid/bin/oclumon.pl grid oinstall 0750
unix /app/11.2.0/grid/bin/crswrapexece.pl root oinstall 0744
unix /app/11.2.0/grid/bin/crfsetenv root oinstall 0750
unix /app/11.2.0/grid/bin/osysmond root oinstall 0750
unix /app/11.2.0/grid/bin/osysmond.bin root oinstall 0750
unix /app/11.2.0/grid/bin/ologgerd root oinstall 0750
unix /app/11.2.0/grid/bin/ologdbg grid oinstall 0750
unix /app/11.2.0/grid/bin/ologdbg.pl grid oinstall 0750
unix /etc/oracle/setasmgid root oinstall 4710
 
# Jars and shared libraries used by the executables invoked by the root script
 
unix /app/11.2.0/grid/jlib/srvm.jar root oinstall 0644
unix /app/11.2.0/grid/jlib/srvmasm.jar root oinstall 0644
unix /app/11.2.0/grid/jlib/srvctl.jar root oinstall 0644
unix /app/11.2.0/grid/jlib/srvmhas.jar root oinstall 0644
unix /app/11.2.0/grid/jlib/gns.jar root oinstall 0644
unix /app/11.2.0/grid/jlib/ons.jar root oinstall 0644
unix /app/11.2.0/grid/jlib/netcfg.jar root oinstall 0644
unix /app/11.2.0/grid/jlib/i18n.jar root oinstall 0644
unix /app/11.2.0/grid/jlib/supercluster.jar root oinstall 0644
unix /app/11.2.0/grid/jlib/supercluster-common.jar root oinstall 0644
unix /app/11.2.0/grid/jlib/antlr-complete.jar root oinstall 0644
unix /app/11.2.0/grid/jlib/antlr-3.3-complete.jar root oinstall 0644
 
unix /app/11.2.0/grid/lib/libhasgen11.so root oinstall 0644
unix /app/11.2.0/grid/lib/libocr11.so root oinstall 0644
unix /app/11.2.0/grid/lib/libocrb11.so root oinstall 0644
unix /app/11.2.0/grid/lib/libocrutl11.so root oinstall 0644
unix /app/11.2.0/grid/lib/libclntsh.so.11.1 root oinstall 0644
unix /app/11.2.0/grid/lib/libclntshcore.so.11.1 root oinstall 0644
unix /app/11.2.0/grid/lib/libskgxn2.so root oinstall 0644
unix /app/11.2.0/grid/lib/libskgxp11.so root oinstall 0644
unix /app/11.2.0/grid/lib/libasmclntsh11.so root oinstall 0644
unix /app/11.2.0/grid/lib/libcell11.so root oinstall 0644
unix /app/11.2.0/grid/lib/libnnz11.so root oinstall 0644
unix /app/11.2.0/grid/lib/libclsra11.so root oinstall 0644
unix /app/11.2.0/grid/lib/libgns11.so root oinstall 0644
unix /app/11.2.0/grid/lib/libeons.so root oinstall 0644
unix /app/11.2.0/grid/lib/libonsx.so root oinstall 0644
unix /app/11.2.0/grid/lib/libeonsserver.so root oinstall 0644
 
unix /app/11.2.0/grid/lib/libsrvm11.so root oinstall 0644
unix /app/11.2.0/grid/lib/libsrvmhas11.so root oinstall 0644
unix /app/11.2.0/grid/lib/libsrvmocr11.so root oinstall 0644
unix /app/11.2.0/grid/lib/libuini11.so root oinstall 0644
 
unix /app/11.2.0/grid/lib/libgnsjni11.so root oinstall 0644
unix /app/11.2.0/grid/lib/librdjni11.so root oinstall 0644
unix /app/11.2.0/grid/lib/libgnsjni11.so root oinstall 0644
unix /app/11.2.0/grid/lib/libclsce11.so root oinstall 0644
unix /app/11.2.0/grid/lib/libcrf11.so root oinstall 0644
 
unix /app/11.2.0/grid/bin/diagcollection.pl root oinstall 0755
 
# crs configuration scripts invoked from rootcrs.pl
unix /app/11.2.0/grid/crs/install/crsconfig_lib.pm root oinstall 0755
unix /app/11.2.0/grid/crs/install/s_crsconfig_lib.pm root oinstall 0755
unix /app/11.2.0/grid/crs/install/crsdelete.pm root oinstall 0755
unix /app/11.2.0/grid/crs/install/crspatch.pm root oinstall 0755
unix /app/11.2.0/grid/crs/install/oracss.pm root oinstall 0755
unix /app/11.2.0/grid/crs/install/oraacfs.pm root oinstall 0755
unix /app/11.2.0/grid/crs/install/hasdconfig.pl root oinstall 0755
unix /app/11.2.0/grid/crs/install/rootcrs.pl root oinstall 0755
unix /app/11.2.0/grid/crs/install/roothas.pl root oinstall 0755
unix /app/11.2.0/grid/crs/install/preupdate.sh root oinstall 0755
unix /app/11.2.0/grid/crs/install/rootofs.sh root oinstall 0755
 
 
# XXX: required only for dev env, where inittab ($IT) is not present already
unix /etc/inittab root root 0644
 
# USM FILES
# Only files which will be installed with executable permissions need
# to be listed.
unix /app/11.2.0/grid/bin/acfsdriverstate root oinstall 0755
unix /app/11.2.0/grid/bin/acfsload root oinstall 0755
unix /app/11.2.0/grid/bin/acfsregistrymount root oinstall 0755
unix /app/11.2.0/grid/bin/acfsroot root oinstall 0755
unix /app/11.2.0/grid/bin/acfssinglefsmount root oinstall 0755
unix /app/11.2.0/grid/bin/acfsrepl_apply root oinstall 0755
unix /app/11.2.0/grid/bin/acfsrepl_apply.bin root oinstall 0755
unix /app/11.2.0/grid/bin/acfsreplcrs grid oinstall 0755
unix /app/11.2.0/grid/bin/acfsreplcrs.pl grid oinstall 0755
unix /app/11.2.0/grid/bin/acfsrepl_initializer root oinstall 0755
unix /app/11.2.0/grid/bin/acfsrepl_monitor grid oinstall 0755
unix /app/11.2.0/grid/bin/acfsrepl_preapply grid oinstall 0755
unix /app/11.2.0/grid/bin/acfsrepl_transport grid oinstall 0755
unix /app/11.2.0/grid/lib/acfsdriverstate.pl root oinstall 0644
unix /app/11.2.0/grid/lib/acfsload.pl root oinstall 0644
unix /app/11.2.0/grid/lib/acfsregistrymount.pl root oinstall 0644
unix /app/11.2.0/grid/lib/acfsroot.pl root oinstall 0644
unix /app/11.2.0/grid/lib/acfssinglefsmount.pl root oinstall 0644
unix /app/11.2.0/grid/lib/acfstoolsdriver.sh root oinstall 0755
unix /app/11.2.0/grid/lib/libusmacfs11.so grid oinstall 0644
 
#EVM config files
unix /app/11.2.0/grid/evm/admin/conf/evm.auth root oinstall 0644
unix /app/11.2.0/grid/evm/admin/conf/evmdaemon.conf root oinstall 0644
unix /app/11.2.0/grid/evm/admin/conf/evmlogger.conf root oinstall 0644
 
# TFA files
unix /app/11.2.0/grid/crs/install/tfa_setup.sh root oinstall 0755
unix /app/11.2.0/grid/cdata/TEST01.olr root oinstall 0600
unix /etc/oracle/olr.loc root oinstall 0644
unix /etc/oracle/ocr.loc root oinstall 0644
[grid@TEST01 ~]$

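3 Reset GI permissions automatically

If the checks above find directories or files with incorrect permissions, calling rootcrs.pl or roothas.pl with the -init option resets the permissions of all directories and files automatically. Note that CRS must be shut down when this command is run, and that the command must be run as the root user.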

--For 11.2:
For clustered Grid Infrastructure, as root user
# cd $ORACLE_HOME/crs/install/
# ./rootcrs.pl -init
For Standalone Grid Infrastructure, as root user
# cd $ORACLE_HOME/crs/install/
# ./roothas.pl -init
 
--For 12c+:
For clustered Grid Infrastructure, as root user
# cd $ORACLE_HOME/crs/install/
# ./rootcrs.sh -init
For Standalone Grid Infrastructure, as root user
# cd $ORACLE_HOME/crs/install/
# ./roothas.sh -init
[root@TEST01 ~]# cd /app/11.2.0/grid/crs/install
 
[root@TEST01 install]# ./rootcrs.pl -init
Using configuration parameter file: ./crsconfig_params
 
[root@TEST01 install]# ll /app/11.2.0/grid/cfgtoollogs/crsconfig/rootcrs_TEST01.log 
-rwxrwxr-x 1 grid oinstall 132452 810 17:41 /app/11.2.0/grid/cfgtoollogs/crsconfig/rootcrs_TEST01.log
 
[root@TEST01 install]# cat /app/11.2.0/grid/cfgtoollogs/crsconfig/rootcrs_TEST01.log

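4 Fix GI permissions manually

If the automatic reset fails, the permissions can also be changed by hand according to what crsconfig_fileperms and crsconfig_dirs record. Manual changes are a last resort; do not attempt them lightly.

File permissions can be corrected by hand based on the output of cluvfy comp software -n all -verbose: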

/app/11.2.0/grid/bin/octssd.bin..."Permissions" 与引用不匹配
    文件 "/app/11.2.0/grid/bin/octssd.bin" 的权限与预期值不匹配。[应为 = "0741"; 找到 = "0755"]
/app/11.2.0/grid/bin/ohasd.bin..."Permissions" 与引用不匹配
    文件 "/app/11.2.0/grid/bin/ohasd.bin" 的权限与预期值不匹配。[应为 = "0741"; 找到 = "0755"]
/app/11.2.0/grid/bin/gnsd.bin..."Permissions" 与引用不匹配
    文件 "/app/11.2.0/grid/bin/gnsd.bin" 的权限与预期值不匹配。[应为 = "0741"; 找到 = "0755"]
/app/11.2.0/grid/bin/crsd.bin..."Permissions" 与引用不匹配
    文件 "/app/11.2.0/grid/bin/crsd.bin" 的权限与预期值不匹配。[应为 = "0741"; 找到 = "0755"]
/app/11.2.0/grid/bin/oclskd.bin..."Permissions" 与引用不匹配
    文件 "/app/11.2.0/grid/bin/oclskd.bin" 的权限与预期值不匹配。[应为 = "0751"; 找到 = "0755"]
/app/11.2.0/grid/bin/orarootagent.bin..."Permissions" 与引用不匹配
    文件 "/app/11.2.0/grid/bin/orarootagent.bin" 的权限与预期值不匹配。[应为 = "0741"; 找到 = "0755"]
 
  
文件 "/app/11.2.0/grid/oc4j/j2ee/home/lib/jms.jar" 的权限在节点上不一致。[找到 = "{0777=[TEST02], 0755=[TEST01]}"]
文件 "/app/11.2.0/grid/oc4j/j2ee/home/lib/oc4j_orb.jar" 的权限在节点上不一致。[找到 = "{0777=[TEST02], 0755=[TEST01]}"]
文件 "/app/11.2.0/grid/oc4j/j2ee/home/lib/http_client.jar" 的权限在节点上不一致。[找到 = "{0777=[TEST02], 0755=[TEST01]}"]
文件 "/app/11.2.0/grid/oc4j/j2ee/home/lib/ejb.jar" 的权限在节点上不一致。[找到 = "{0777=[TEST02], 0755=[TEST01]}"]
文件 "/app/11.2.0/grid/oc4j/j2ee/home/lib/jmxri.jar" 的权限在节点上不一致。[找到 = "{0777=[TEST02], 0755=[TEST01]}"]
文件 "/app/11.2.0/grid/oc4j/j2ee/home/lib/activation.jar" 的权限在节点上不一致。[找到 = "{0777=[TEST02], 0755=[TEST01]}"]
文件 "/app/11.2.0/grid/oc4j/j2ee/home/lib/oc4j-internal.jar" 的权限在节点上不一致。[找到 = "{0777=[TEST02], 0755=[TEST01]}"]
文件 "/app/11.2.0/grid/oc4j/j2ee/home/lib/scheduler.jar" 的权限在节点上不一致。[找到 = "{0777=[TEST02], 0755=[TEST01]}"]
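One way to make the comparison in steps 2 and 4 repeatable, as an added example (not Oracle's tooling and not the author's code): a read-only audit that parses the crsconfig_dirs / crsconfig_fileperms line format and prints each mismatch with the chown/chmod that would correct it. It assumes GNU stat on Linux; the function names and the demo files are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Oracle tooling. Read-only audit of files/directories
# against a crsconfig_dirs / crsconfig_fileperms style manifest.
# Assumption: GNU stat (Linux) for `stat -c`.

# Octal string -> decimal, so "0755", "755" and "00755" compare equal.
oct2dec() { printf '%d' "0$1"; }

# audit_manifest MANIFEST
# Line format: OSLIST PATH OWNER GROUP [PERMS [OPEN-PERMS]]
# Prints one finding per line together with the command that would correct
# it (nothing is changed). Returns 0 when clean, 1 when anything was found.
audit_manifest() {
    findings=0
    while read -r oslist path owner group perms _open || [ -n "$oslist" ]; do
        case $oslist in ''|'#'*) continue ;; esac            # blank or comment
        case ",$oslist," in *,all,*|*,unix,*) ;; *) continue ;; esac
        [ -n "$group" ] || continue                          # malformed line
        if [ ! -e "$path" ]; then
            echo "MISSING $path"
            findings=$((findings + 1))
            continue
        fi
        actual=$(stat -c '%U %G %a' "$path")                 # owner group mode
        a_owner=${actual%% *}
        a_mode=${actual##* }
        a_group=${actual#* }; a_group=${a_group% *}
        if [ "$a_owner:$a_group" != "$owner:$group" ]; then
            echo "OWNER $path expected=$owner:$group found=$a_owner:$a_group fix: chown $owner:$group \"$path\""
            findings=$((findings + 1))
        fi
        # PERMS is optional: the racg/usrco line in crsconfig_dirs has none.
        if [ -n "$perms" ] && [ "$(oct2dec "$perms")" -ne "$(oct2dec "$a_mode")" ]; then
            echo "MODE $path expected=$perms found=$a_mode fix: chmod $perms \"$path\""
            findings=$((findings + 1))
        fi
    done < "$1"
    [ "$findings" -eq 0 ]
}

# Constructed sample: one binary left at 0755 where the manifest expects 0741.
demo() {
    demo_dir=$(mktemp -d) || return 1
    touch "$demo_dir/crsd.bin" "$demo_dir/srvctl"
    chmod 0755 "$demo_dir/crsd.bin" "$demo_dir/srvctl"
    me=$(stat -c '%U %G' "$demo_dir/srvctl")
    {
        printf '# OSLIST FILENAME OWNER GROUP PERMS\n'
        printf 'unix %s %s 0741\n' "$demo_dir/crsd.bin" "$me"
        printf 'unix %s %s 0755\n' "$demo_dir/srvctl" "$me"
    } > "$demo_dir/manifest"
    audit_manifest "$demo_dir/manifest"
    rc=$?
    rm -rf "$demo_dir"
    return "$rc"
}

# Usage: sh gi_perm_audit.sh /app/11.2.0/grid/crs/utl/crsconfig_fileperms
# Without arguments the constructed demo runs instead.
if [ $# -gt 0 ]; then
    audit_manifest "$1"
else
    demo || true
fi
```

When a path has both an OWNER and a MODE finding, apply the chown first: on Linux, changing the owner of an executable clears its setuid/setgid bits.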

5 Failure symptoms

[root@TEST01 ~]# su - oracle
[oracle@TEST01 ~]$ sqlplus / as sysdba
 
SQL*Plus: Release 11.2.0.4.0 Production on Thu Aug 10 17:53:33 2023
 
Copyright (c) 1982, 2013, Oracle.  All rights reserved.
 
 
Connected to an idle instance.
 
SQL> startup
ORA-01078: failure in processing system parameters
ORA-01565: error in identifying file '+DATA/PROD/spfilePROD.ora'
ORA-17503: ksfdopn:2 Failed to open file +DATA/PROD/spfilePROD.ora
ORA-01034: ORACLE not available
ORA-27123: unable to attach to shared memory segment
IBM AIX RISC System/6000 Error: 13: Permission denied

Solution

[oracle@TEST01 ~]$ ls -l $ORACLE_HOME/bin/oracle
-rwxrwxr-x 1 oracle asmadmin 242786669 6  28 15:06 /app/oracle/product/11.2.0/dbhome_1/bin/oracle
 
[oracle@TEST01 ~]$ chmod 6751 $ORACLE_HOME/bin/oracle
 
[oracle@TEST01 ~]$ ls -l $ORACLE_HOME/bin/oracle
-rwsr-s--x 1 oracle asmadmin 242786669 6  28 15:06 /app/oracle/product/11.2.0/dbhome_1/bin/oracle

Method 2: the permission.pl script

Reference MOS document: Script to capture and restore file permission in a directory (for eg. ORACLE_HOME) (Doc ID 1515018.1)

Note: if RAC is set up for GRID_HOME, run permission.pl and restore-perm-<timestamp>.cmd as the root user.

Test environment: Linux x64 + Oracle 11gR2 two-node RAC

1. Test: change the ownership of all files in GRID_HOME on node 2 to oracle:oinstall

[root@TEST02 app]# cd /u01/11.2.0/grid/
[root@TEST02 grid]# chown -R oracle:oinstall ./*

2. On the healthy node 1, capture the correct permissions of the directories and files

[root@TEST01 ~]# ll permission.pl 
-rw-r--r-- 1 root root 2451 8  10 13:44 permission.pl
 
[root@TEST01 ~]# chmod a+x permission.pl 
 
[root@TEST01 ~]# ./permission.pl /app/11.2.0/grid/
Following log files are generated
logfile      : permission-五-8月-11-09-26-22-2023
Command file : restore-perm-五-8月-11-09-26-22-2023.cmd
Linecount : 121455
 
[root@TEST01 ~]# ll *.cmd
-rw-r--r-- 1 root root 22128897 8  11 09:27 restore-perm-五-8月-11-09-26-22-2023.cmd

Cleaning up some logs first (such as *.aud, *.trc, *.trm and so on) speeds up the capture. An excerpt of the generated command file:

chmod  640 "/app/11.2.0/grid/rdbms/audit/+ASM1_ora_9271_20210929162439529004143795.aud"
chown  grid:oinstall "/app/11.2.0/grid/rdbms/audit/+ASM1_ora_20294_20210927070623536683143795.aud"
chmod  640 "/app/11.2.0/grid/rdbms/audit/+ASM1_ora_20294_20210927070623536683143795.aud"
chown  grid:oinstall "/app/11.2.0/grid/rdbms/audit/+ASM1_ora_21127_20210415031002400070143795.aud"
chmod  640 "/app/11.2.0/grid/rdbms/audit/+ASM1_ora_21127_20210415031002400070143795.aud"
chown  grid:oinstall "/app/11.2.0/grid/rdbms/audit/+ASM1_ora_20710_20211220101833548405143795.aud"
chmod  640 "/app/11.2.0/grid/rdbms/audit/+ASM1_ora_20710_20211220101833548405143795.aud"
chown  grid:oinstall "/app/11.2.0/grid/rdbms/audit/+ASM1_ora_623_20211009231252092714143795.aud"
chmod  640 "/app/11.2.0/grid/rdbms/audit/+ASM1_ora_623_20211009231252092714143795.aud"
chown  grid:oinstall "/app/11.2.0/grid/rdbms/audit/+ASM1_ora_9967_20211205150209413850143795.aud"
chmod  640 "/app/11.2.0/grid/rdbms/audit/+ASM1_ora_9967_20211205150209413850143795.aud"
chown  grid:oinstall "/app/11.2.0/grid/rdbms/audit/+ASM1_ora_25686_20211028104709089512143795.aud"

3. On node 2, restore the permissions with the generated script

[root@TEST02 ~]# chmod a+x restore-perm-五-8月-11-09-26-22-2023.cmd 
 
[root@TEST02 ~]# ./restore-perm-五-8月-11-09-26-22-2023.cmd > /tmp/chmod.log

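--- Note 1: the permissions of the OLR backup file created automatically at the end of installation must be set manually

--- Note 2: the permissions for OCR automatic backups must be set manually; wrong permissions on /app/11.2.0/grid/cdata/TEST01 mean the backup cannot be overwritten
--- Note 3: check that the oracle executable in the bin directory of the GRID/ORACLE homes has mode 6751

4. Reboot the host or restart the cluster and check the cluster status; the cluster returns to normal.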

--------------------------------------------------------------------------------
NAME           TARGET  STATE        SERVER                   STATE_DETAILS       
--------------------------------------------------------------------------------
Local Resources
--------------------------------------------------------------------------------
ora.CRS.dg
               ONLINE  ONLINE       TEST01                                 
               ONLINE  ONLINE       TEST02                                 
ora.DATA.dg
               ONLINE  ONLINE       TEST01                                 
               ONLINE  ONLINE       TEST02                                 
ora.LISTENER.lsnr
               ONLINE  ONLINE       TEST01                                 
               ONLINE  ONLINE       TEST02                                 
ora.asm
               ONLINE  ONLINE       TEST01             Started             
               ONLINE  ONLINE       TEST02             Started             
ora.gsd
               OFFLINE OFFLINE      TEST01                                 
               OFFLINE OFFLINE      TEST02                                 
ora.net1.network
               ONLINE  ONLINE       TEST01                                 
               ONLINE  ONLINE       TEST02                                 
ora.ons
               ONLINE  ONLINE       TEST01                                 
               ONLINE  ONLINE       TEST02                                 
--------------------------------------------------------------------------------
Cluster Resources
--------------------------------------------------------------------------------
ora.LISTENER_SCAN1.lsnr
      1        ONLINE  ONLINE       TEST02                                 
ora.cvu
      1        ONLINE  ONLINE       TEST02                                 
ora.oc4j
      1        ONLINE  ONLINE       TEST02                                 
ora.TEST.db
      1        ONLINE  ONLINE       TEST01             Open                
      2        ONLINE  ONLINE       TEST02             Open                
ora.TEST.TEST1.svc
      1        ONLINE  ONLINE       TEST01                                 
ora.TEST01.vip
      1        ONLINE  ONLINE       TEST01                                 
ora.TEST02.vip
      1        ONLINE  ONLINE       TEST02                                 
ora.scan1.vip
      1        ONLINE  ONLINE       TEST02
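The generated restore-perm file is executed by root in step 3, so it is worth checking before it runs. The following added example (not part of permission.pl or the MOS note) accepts only chown/chmod lines of the shape shown in the excerpt above, for paths under the given home, and lists the setuid/setgid/sticky modes the file would set. The function names and sample lines are constructed.

```shell
#!/bin/sh
# Added example, not part of permission.pl. Checks a restore-perm-*.cmd file
# before root executes it. Assumption: every line has one of the two shapes
# seen in the excerpt:  chown  OWNER:GROUP "PATH"   or   chmod  MODE "PATH"

# check_restore_cmd CMD_FILE HOME_DIR
# Rejects any line that is not a plain chown/chmod of a path under HOME_DIR,
# or whose quoted path contains ".." or one of $ ` \ (characters the shell
# still expands inside double quotes). Prints the rejected lines and
# returns 1 if there are any, 0 otherwise.
check_restore_cmd() {
    awk -v home="$2" '
    BEGIN { sub(/\/+$/, "", home) }          # accept "/app/11.2.0/grid/" too
    /^[ \t]*$/ { next }
    {
        ok = 0
        if ($0 ~ /^chown +[A-Za-z0-9_.-]+:[A-Za-z0-9_.-]+ +"\/[^"]*"$/ ||
            $0 ~ /^chmod +[0-7][0-7][0-7][0-7]? +"\/[^"]*"$/) {
            path = $0
            sub(/^[^"]*"/, "", path)
            sub(/"$/, "", path)
            ok = (index(path, home "/") == 1) &&
                 (path !~ /(^|\/)\.\.(\/|$)/) &&
                 (path !~ /[$`\\]/)
        }
        if (!ok) { bad++; printf "line %d rejected: %s\n", NR, $0 }
    }
    END { exit (bad > 0) }' "$1"
}

# special_modes CMD_FILE
# Lists chmod lines that set setuid/setgid/sticky bits (4-digit modes with a
# non-zero first digit), such as the 6751 expected on bin/oracle in note 3.
special_modes() {
    awk '$1 == "chmod" && $2 ~ /^[1-7][0-7][0-7][0-7]$/ {
        p = $0; sub(/^[^"]*"/, "", p); sub(/"$/, "", p); print $2, p
    }' "$1"
}

# Constructed input: three well-formed lines, then three that must be rejected
# (path outside the home, ".." traversal, shell expansion inside the quotes).
sample_cmd() {
cat <<'EOF'
chown  grid:oinstall "/app/11.2.0/grid/bin/oracle"
chmod  6751 "/app/11.2.0/grid/bin/oracle"
chmod  640 "/app/11.2.0/grid/rdbms/audit/sample.aud"
chown  root:root "/etc/cron.d/job"
chmod  755 "/app/11.2.0/grid/../../etc/cron.d"
chmod  644 "/app/11.2.0/grid/log/$(hostname).log"
EOF
}

# Usage: sh check_restore.sh restore-perm-<timestamp>.cmd /app/11.2.0/grid
# Without arguments the constructed sample is checked instead.
if [ $# -eq 2 ]; then
    check_restore_cmd "$1" "$2" && special_modes "$1"
else
    sample_cmd | check_restore_cmd - /app/11.2.0/grid || true
fi
```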

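5. Permissions of several important files

1 File permissions of ASM disks

Check the ASM disk permissions: the owner must be the grid user, the group asmadmin, and the mode 660.

2 Permissions of the oracle executable

Check the permissions of rdbms_home/bin/oracle: the owner must be the oracle user, the group must be the same as the group of the ASM disks, and the setuid/setgid bits (the s bits, mode 6751) must be set.

If the ownership is wrong, many problems appear, for example being unable to log in to the database, ORA-600 errors, and problems accessing ASM disks. The fix is simple; use the following script:

GI_HOME/bin/setasmgidwrap -o RDBMS_HOME/bin/oracle

3 Permissions of socket files

Check that files can be created in the /var/tmp/.oracle/ directory, and so on.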

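Method 3: setting ACL permissions with setfacl/getfacl

1. On a Linux host whose permissions are correct (preferably with the same kernel version as the failed server), run getfacl -R / >systemp.bak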

[root@TEST01 ~]# getfacl -R /app >/rman/systemp.bak
getfacl: Removing leading '/' from absolute path names
 
 
[root@TEST01 ~]# more /rman/systemp.bak 
# file: app
# owner: root
# group: oinstall
user::rwx
group::r-x
other::r-x
 
# file: app/oraInventory
# owner: grid
# group: oinstall
user::rwx
group::rwx
other::rwx
 
# file: app/oraInventory/backup
# owner: grid
# group: oinstall
user::rwx
group::rwx
other::rwx
 
# file: app/oraInventory/backup/2020-07-01_03-36-49PM
# owner: grid
# group: oinstall
user::rwx
group::rwx
other::rwx
 
# file: app/oraInventory/backup/2020-07-01_03-36-49PM/ContentsXML
# owner: grid
# group: oinstall
user::rwx
group::rwx
other::rwx
 
# file: app/oraInventory/backup/2020-07-01_03-36-49PM/ContentsXML/inventory.xml
# owner: grid
# group: oinstall
user::rwx
group::rwx
other::rwx

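2. If the affected server has not been rebooted and your session to it is still connected, use scp to copy the backup file from the healthy server to the affected server:

    scp root@<target-host-IP>:<path to systemp.bak> <local path for systemp.bak>

    Any other method of moving systemp.bak to the affected server also works.

3. On the affected server, run setfacl --restore=systemp.bak to restore the current permissions so that they match the healthy system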

#!/bin/bash
# Back up ownership, modes and ACLs (getfacl -R) of the directories that the
# oracle and grid users export in ~/.bash_profile; one tar.gz per directory.

mkdir -p /rman/bak

# Accounts whose passwd entry mentions oracle or grid
USERLIST=$(grep -E 'oracle|grid' /etc/passwd | awk -F: '{print $1}')
for n in $USERLIST
do
   profile="$(getent passwd "$n" | cut -d: -f6)/.bash_profile"
   if [ "$n" = oracle ]; then
      # Directory assigned to ORACLE_BASE in the oracle user's profile
      Patch_base=$(grep 'export ORACLE_BASE' "$profile" | awk -F '[;=]' '{print $2}')
      # -n guard: with an empty value, an unquoted [ -d ] test would succeed
      if [ -n "$Patch_base" ] && [ -d "$Patch_base" ]; then
         BAK_path=$Patch_base
         # Name of the variable that holds this path, used in the file name
         Patch_name=$(grep "$BAK_path" "$profile" | awk -F '[ =]' '{print $2}')
         Pfile="$(hostname)-prem-acl-$(date +"%Y%m%d-%H%M%S")-$Patch_name"
         getfacl -R "$BAK_path" > "$Pfile.bak"
         tar -zcvf "/rman/bak/${Pfile}.tar.gz" "${Pfile}.bak"
         rm -f "${Pfile}.bak"
      fi
      #echo -e "0."$n"\n1."$Patch_base"\n2."$BAK_path"\n3."$Patch_name
   elif [ "$n" = grid ]; then
      # ORACLE_HOME (the GI home) and ORACLE_BASE from the grid user's profile
      Grid_path=$(grep -E 'export ORACLE_HOME|export ORACLE_BASE' "$profile" | awk -F '[;=]' '{print $2}')
      for m in $Grid_path
      do
          if [ -d "$m" ]; then
             BAK_path=$m
             Patch_name=$(grep "$BAK_path" "$profile" | grep -v PATH | awk -F '[ =]' '{print $2}')
             # Label grid backups GRID_HOME / GRID_BASE instead of ORACLE_*
             Patch_name=${Patch_name/ORACLE/GRID}
             Pfile="$(hostname)-prem-acl-$(date +"%Y%m%d-%H%M%S")-$Patch_name"
             getfacl -R "$BAK_path" > "$Pfile.bak"
             tar -zcvf "/rman/bak/${Pfile}.tar.gz" "${Pfile}.bak"
             rm -f "${Pfile}.bak"
          fi
      #echo -e "0."$m"\n1."$Grid_path"\n2."$BAK_path"\n3."$Patch_name
      done
   fi
done

Note: this must be run from the / directory; otherwise it reports that the path cannot be found.

4. Reboot the system with reboot.
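Before step 3 it is worth confirming that the dump really recorded the setuid, setgid and sticky bits listed in Appendix 1: getfacl stores them in a "# flags:" comment, and setfacl --restore clears those three bits for any entry that has no such comment. The following check is an added example, not part of the original article; the function names are hypothetical, and the sample dump and its owners are constructed for illustration.

```shell
# Added example (not from the original article); function names are hypothetical.
# stdin: getfacl -R dump -> stdout: "MODE OWNER GROUP /path" (MODE = 4-digit octal)
acl_dump_to_modes() {
  awk '
    function bits(p) { return (substr(p,1,1) == "r") * 4 + (substr(p,2,1) == "w") * 2 + (substr(p,3,1) == "x") }
    function emit() {    # with an extended ACL the group digit of the mode is the mask
      if (path != "") printf "%d%d%d%d %s %s /%s\n", s, u, (m >= 0 ? m : g), o, owner, grp, path
    }
    /^# file: /  { emit(); path = substr($0, 9); sub(/^\//, "", path); s = u = g = o = 0; m = -1; next }
    /^# owner: / { owner = $3; next }
    /^# group: / { grp = $3; next }
    /^# flags: / { s = (substr($3,1,1) == "s") * 4 + (substr($3,2,1) == "s") * 2 + (substr($3,3,1) == "t"); next }
    /^user::/    { u = bits(substr($0, 7)); next }
    /^group::/   { g = bits(substr($0, 8)); next }
    /^mask::/    { m = bits(substr($0, 7)); next }
    /^other::/   { o = bits(substr($0, 8)); next }
    END          { emit() }
  '
}

# $1: dump file; stdin: expected "MODE /path" lines. Prints one DIFF line per deviation, returns 1 if any.
check_expected() {
  modes=$(acl_dump_to_modes < "$1"); rc=0
  while read -r want path; do
    got=$(printf '%s\n' "$modes" | awk -v p="$path" '$4 == p { print $1 }')
    [ "$got" = "$want" ] || { echo "DIFF $path want=$want got=${got:-missing}"; rc=1; }
  done
  return "$rc"
}

# Constructed sample: the oradism entry has no "# flags:" line, so its setuid bit is lost.
sample_dump() {
  cat <<'EOF'
# file: app/11.2.0/grid/bin/oracle
# owner: grid
# group: oinstall
# flags: ss-
user::rwx
group::r-x
other::--x

# file: app/11.2.0/grid/bin/oradism
# owner: root
# group: oinstall
user::rwx
group::r-x
other::---
EOF
}
```

Feed check_expected the "MODE /path" pairs from the appendix tables (for example 4750 /app/11.2.0/grid/bin/oradism) and the path of the real dump; any DIFF line means the restore would not reproduce that mode.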

Appendix 1: Directory and file permissions in a RAC environment

Permissions under the grid_home directory (here /app/11.2.0/grid)

1. Directory permissions

Directories with special permissions

File  Type  Permissions
/app/11.2.0/grid/auth  directory  1777
/app/11.2.0/grid/auth/css  directory  1777
/app/11.2.0/grid/auth/css/test02  directory  1777
/app/11.2.0/grid/auth/ohasd  directory  1777
/app/11.2.0/grid/auth/ohasd/test02  directory  1777
/app/11.2.0/grid/auth/evm  directory  1777
/app/11.2.0/grid/auth/evm/test02  directory  1777
/app/11.2.0/grid/auth/crs  directory  1777
/app/11.2.0/grid/auth/crs/test02  directory  1777
/app/11.2.0/grid/gpnp/test02/wallets  directory  1750
/app/11.2.0/grid/gpnp/test02/wallets/peer  directory  1700
/app/11.2.0/grid/gpnp/test02/wallets/prdr  directory  1750
/app/11.2.0/grid/gpnp/test02/wallets/root  directory  1700
/app/11.2.0/grid/gpnp/test02/wallets/pa  directory  1700
/app/11.2.0/grid/gpnp/wallets  directory  1750
/app/11.2.0/grid/gpnp/wallets/peer  directory  1700
/app/11.2.0/grid/gpnp/wallets/prdr  directory  1750
/app/11.2.0/grid/gpnp/wallets/root  directory  1700
/app/11.2.0/grid/gpnp/wallets/pa  directory  1700
/app/11.2.0/grid/log/test02  directory  1755
/app/11.2.0/grid/log/test02/racg  directory  1775
/app/11.2.0/grid/log/test02/racg/racgeut  directory  1777
/app/11.2.0/grid/log/test02/racg/racgevtf  directory  1777
/app/11.2.0/grid/log/test02/racg/racgmain  directory  1777
/app/11.2.0/grid/log/test02/client  directory  1777
/app/11.2.0/grid/log/test02/agent  directory  1775
/app/11.2.0/grid/log/test02/agent/ohasd  directory  1775
/app/11.2.0/grid/log/test02/agent/ohasd/orarootagent_root  directory  1755
/app/11.2.0/grid/log/test02/agent/ohasd/oraagent_grid  directory  1755
/app/11.2.0/grid/log/test02/agent/ohasd/oracssdmonitor_root  directory  1755
/app/11.2.0/grid/log/test02/agent/ohasd/oracssdagent_root  directory  1755
/app/11.2.0/grid/log/test02/agent/crsd  directory  1777
/app/11.2.0/grid/log/test02/agent/crsd/oraagent_oracle  directory  1755
/app/11.2.0/grid/log/test02/agent/crsd/orarootagent_root  directory  1755
/app/11.2.0/grid/log/test02/agent/crsd/oraagent_grid  directory  1755
/app/11.2.0/grid/log/diag  directory  1770
/app/11.2.0/grid/log/diag/clients  directory  1770
/app/11.2.0/grid/evm/log  directory  1770
/app/11.2.0/grid/crs/public  directory  1777
/app/11.2.0/grid/crs/log  directory  1750
/app/11.2.0/grid/crs/trace  directory  1750
2. File permissions

Files with special permissions

File  Type  Permissions
/app/11.2.0/grid/bin/extjob  file  4750
/app/11.2.0/grid/bin/jssu  file  4750
/app/11.2.0/grid/bin/oradism  file  4750
/app/11.2.0/grid/bin/oracle  file  6751

Permissions under the grid_base directory (here /app/grid)

1. Directory permissions

2. File permissions

Permissions under the ORACLE_BASE directory (here /app/oracle)

1. Directory permissions

Directories with special permissions

File  Type  Permissions
/app/oracle/product/11.2.0/dbhome_1/log/testvsd02  directory  1755
/app/oracle/product/11.2.0/dbhome_1/log/testvsd02/client  directory  1755

2. File permissions

Files with special permissions

File  Type  Permissions
/app/oracle/product/11.2.0/dbhome_1/bin/nmhs  file  4710
/app/oracle/product/11.2.0/dbhome_1/bin/emtgtctl2  file  6751
/app/oracle/product/11.2.0/dbhome_1/bin/jssu  file  4750
/app/oracle/product/11.2.0/dbhome_1/bin/oradism  file  4750
/app/oracle/product/11.2.0/dbhome_1/bin/nmo  file  4710
/app/oracle/product/11.2.0/dbhome_1/bin/nmb  file  4710
/app/oracle/product/11.2.0/dbhome_1/bin/oracle  file  6751

Appendix 2: Directory permissions for a single instance

1. Directory permissions (here ORACLE_BASE=/app/oracle)

File  Type  Permissions
/app/oracle/product/11.2.0/dbhome_1/log/<hostname>  directory  1755
/app/oracle/product/11.2.0/dbhome_1/log/<hostname>/client  directory  1755

2. File permissions

File  Type  Permissions
/app/oracle/product/11.2.0/dbhome_1/bin/extjob  file  4750
/app/oracle/product/11.2.0/dbhome_1/bin/nmhs  file  4710
/app/oracle/product/11.2.0/dbhome_1/bin/oradism  file  4750
/app/oracle/product/11.2.0/dbhome_1/bin/nmb  file  4710
/app/oracle/product/11.2.0/dbhome_1/bin/oracle  file  6751
/app/oracle/product/11.2.0/dbhome_1/bin/jssu  file  4750
/app/oracle/product/11.2.0/dbhome_1/bin/emtgtctl2  file  6751
/app/oracle/product/11.2.0/dbhome_1/bin/nmo  file  4710

Appendix 3: Backup scripts

Bak_getfacl.sh

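#!/bin/bash
# Capture owner and mode of the oracle and grid directories with permission.pl and
# archive the generated restore-perm-*.cmd file under /rman/bak.

if [ ! -d /root/work ];then    mkdir -p /root/work; fi
if [ ! -d /rman/bak ];then    mkdir -p /rman/bak; fi
# The download URL is masked on the original page. permission.pl is executed as root below,
# so fetch it from a trusted location and check its contents before running it.
wget -O /root/work/permission.pl http://xxxxxxxxxxxxx/work/permission.pl 2>/dev/null
chmod +x /root/work/permission.pl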
 
USERLIST=`cat /etc/passwd|egrep 'oracle|grid'|awk -F '[:]' '{print $1}'`
for n in $USERLIST
do
   if [ $n = oracle ];then
      Patch_base=`cat $(getent passwd $n | cut -d: -f6)/.bash_profile|grep 'export ORACLE_BASE'|awk -F '[;=]' '{print $2}'`
      # Quote the variable: with an empty value, an unquoted [ -d ] test evaluates true
      if [ -d "$Patch_base" ];then
         BAK_path=$Patch_base
         Patch_name=`cat $(getent passwd $n | cut -d: -f6)/.bash_profile|grep $BAK_path|awk -F '[ =]' '{print $2}'`
         /root/work/permission.pl $BAK_path > permission.log
         Cfile=`cat permission.log|grep 'restore-perm'|awk -F '[:]' '{print $2}'`
         Pfile=`hostname`-'prem-per'-`date +"%Y%m%d-%H%M%S"`-$Patch_name
         tar -zcvf $Pfile.tar.gz ${Cfile}
         mv $Pfile.tar.gz /rman/bak/
         rm -f permission-* restore-perm-* permission.log
      fi
      #echo -e "0."$n"\n1."$Patch_base"\n2."$BAK_path"\n3."$Patch_name
   elif [ $n = grid ];then
      Grid_path=`cat $(getent passwd $n | cut -d: -f6)/.bash_profile|egrep 'export ORACLE_HOME|export ORACLE_BASE'|awk -F '[;=]' '{print $2}'`
      for m in $Grid_path
      do
          if [ -d $m ];then
             BAK_path=$m
             Patch_name=`cat $(getent passwd $n | cut -d: -f6)/.bash_profile|grep $BAK_path|grep -v PATH|awk -F '[ =]' '{print $2}'`
             Patch_name=${Patch_name/ORACLE/GRID}
             /root/work/permission.pl $BAK_path > permission.log
             Cfile=`cat permission.log|grep 'restore-perm'|awk -F '[:]' '{print $2}'`
             Pfile=`hostname`-'prem-per'-`date +"%Y%m%d-%H%M%S"`-$Patch_name
             tar -zcvf $Pfile.tar.gz ${Cfile}
             mv $Pfile.tar.gz /rman/bak/
             rm -f permission-* restore-perm-* permission.log
          fi
          #echo -e "0."$Grid_path"\n1."$m"\n2."$BAK_path"\n3."$Patch_name
      done
   fi
done


Bak_permission.sh

#!/usr/bin/perl -w
#
# Captures file permissions and the owner of the files
# useage : perm1.pl <path to capture permission>
#
# MODIFIED
#     uaswatha   12th March 2018  address filename with spaces (request from customer)
 
use strict;
use warnings;
use File::Find;
use Sys::Hostname;
use POSIX();
 
my (@dir) = @ARGV;
my $linecount=0 ;
 
#print @ARGV, $#ARGV;
 
if ($#ARGV < 0) {
   print "\n\nOpps....Invalid Syntax !!!!\n" ;
   print "Usage   : ./perm1.pl <path to capture permission>\n\n" ;
   print "Example : ./perm1.pl /home/oralce\n\n" ;
   exit ;
}
my $logdir=$dir[0] ;
#my ($sec, $min, $hr, $day, $mon, $year) = localtime;
##my ($dow,$mon,$date,$hr,$min,$sec,$year) = POSIX::strftime( '%a %b %d %H %M %S %Y', localtime);
my $date = POSIX::strftime( '%F-%H%M%S', localtime);
my $host=hostname;
my $logfile="permission-".$date;
my $cmdfile="restore-perm-".$host."-".$date.".cmd";
 
open LOGFILE, "> $logfile" or die $! ;
open CMDFILE, "> $cmdfile" or die $! ;
find(\&process_file,@dir);
 
print "Following log files are generated\n" ;
print "logfile      : ".$logfile. "\n" ;
print "Command file : ".$cmdfile. "\n" ;
print "Linecount : ".$linecount."\n" ;
close (LOGFILE) ;
close (CMDFILE) ;
 
 
sub process_file {
    my ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size, $atime,$mtime,$ctime,$blksize,$blocks,$username,$user,$pass,$comment,$home,$shell,$group);
    my %uiduname = () ;
    my %gidgname = () ;
    my $filename = $File::Find::name;
 
 
#### Building uid, username hash
 
    open (PASSWDFILE, '/etc/passwd') ;
 
    while ( <PASSWDFILE>) {
       ($user,$pass,$uid,$gid,$comment,$home,$shell)=split (/:/) ;
       $uiduname{$uid}=$user ;
    }
    close (PASSWDFILE) ;
 
 
#### Building gid, groupname hash
 
    open (GRPFILE, '/etc/group') ;
 
    while ( <GRPFILE>) {
       ($group,$pass,$gid)=split (/:/) ;
       $gidgname{$gid}=$group ;
    }
    close (GRPFILE) ;
 
    ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size, $atime,$mtime,$ctime,$blksize,$blocks) = stat("$filename");
#    printf  "%o %s %s %s\n", $mode & 07777, $uiduname{$uid}, $gidgname{$gid}, $filename ;
     printf LOGFILE "%o %s %s %s\n", $mode & 07777, $uiduname{$uid}, $gidgname{$gid}, "\"$filename\"" ;
     printf CMDFILE "%s %s%s%s %s\n", "chown ",$uiduname{$uid}, ":", $gidgname{$gid}, "\"$filename\"" ;
     printf CMDFILE "%s %o %s\n", "chmod ",$mode & 07777, "\"$filename\"" ;
	#    printf  "%o %s %s %s\n", $mode & 07777, $uiduname{$uid}, $gidgname{$gid}, \",$filename,\" ;
    $linecount++ ;
}

Permission.pl

#!/usr/bin/perl -w
#
# Captures file permissions and the owner of the files
# useage : perm1.pl <path to capture permission>
#
# MODIFIED
#     uaswatha   12th March 2018  address filename with spaces (request from customer)
 
use strict;
use warnings;
use File::Find;
use Sys::Hostname;
use POSIX();
 
my (@dir) = @ARGV;
my $linecount=0 ;
 
#print @ARGV, $#ARGV;
 
if ($#ARGV < 0) {
   print "\n\nOpps....Invalid Syntax !!!!\n" ;
   print "Usage   : ./perm1.pl <path to capture permission>\n\n" ;
   print "Example : ./perm1.pl /home/oralce\n\n" ;
   exit ;
}
my $logdir=$dir[0] ;
#my ($sec, $min, $hr, $day, $mon, $year) = localtime;
##my ($dow,$mon,$date,$hr,$min,$sec,$year) = POSIX::strftime( '%a %b %d %H %M %S %Y', localtime);
my $date = POSIX::strftime( '%F-%H%M%S', localtime);
my $host=hostname;
my $logfile="permission-".$date;
my $cmdfile="restore-perm-".$host."-".$date.".cmd";
 
open LOGFILE, "> $logfile" or die $! ;
open CMDFILE, "> $cmdfile" or die $! ;
find(\&process_file,@dir);
 
print "Following log files are generated\n" ;
print "logfile      : ".$logfile. "\n" ;
print "Command file : ".$cmdfile. "\n" ;
print "Linecount : ".$linecount."\n" ;
close (LOGFILE) ;
close (CMDFILE) ;
 
 
sub process_file {
    my ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size, $atime,$mtime,$ctime,$blksize,$blocks,$username,$user,$pass,$comment,$home,$shell,$group);
    my %uiduname = () ;
    my %gidgname = () ;
    my $filename = $File::Find::name;
 
 
#### Building uid, username hash
 
    open (PASSWDFILE, '/etc/passwd') ;
 
    while ( <PASSWDFILE>) {
       ($user,$pass,$uid,$gid,$comment,$home,$shell)=split (/:/) ;
       $uiduname{$uid}=$user ;
    }
    close (PASSWDFILE) ;
 
 
#### Building gid, groupname hash
 
    open (GRPFILE, '/etc/group') ;
 
    while ( <GRPFILE>) {
       ($group,$pass,$gid)=split (/:/) ;
       $gidgname{$gid}=$group ;
    }
    close (GRPFILE) ;
 
    ($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size, $atime,$mtime,$ctime,$blksize,$blocks) = stat("$filename");
#    printf  "%o %s %s %s\n", $mode & 07777, $uiduname{$uid}, $gidgname{$gid}, $filename ;
     printf LOGFILE "%o %s %s %s\n", $mode & 07777, $uiduname{$uid}, $gidgname{$gid}, "\"$filename\"" ;
     printf CMDFILE "%s %s%s%s %s\n", "chown ",$uiduname{$uid}, ":", $gidgname{$gid}, "\"$filename\"" ;
     printf CMDFILE "%s %o %s\n", "chmod ",$mode & 07777, "\"$filename\"" ;
	#    printf  "%o %s %s %s\n", $mode & 07777, $uiduname{$uid}, $gidgname{$gid}, \",$filename,\" ;
    $linecount++ ;
}
