root.sh

Oracle中的特殊权限设置
在安装ORACLE后,需要以root用户运行root.sh。root.sh都做了哪些操作呢?

版本:
[oracle@bnet95 ~]$ sqlplus / as sysdba
SQL*Plus: Release 10.2.0.1.0 - Production on Mon Sep 30 10:28:01 2013
Copyright (c) 1982, 2005, Oracle.  All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options


# Installer-generated defaults: the account that later chown calls hand files
# to, and the Oracle home this copy of root.sh operates on.
ORACLE_OWNER="oracle"
ORACLE_HOME="/u01/app/oracle/product/10.2.0/db_1"


1,确认当前用户为root用户
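# Refuse to continue unless the invoking user is named "root".
# `id` prints something like "uid=0(root) gid=..."; the two awk passes keep
# the text between the first "(" and the next ")", i.e. the user name.
# AWK, ECHO, TEE and LOG are set earlier in root.sh, outside this excerpt.
RUID=`/usr/bin/id|$AWK -F\( '{print $2}'|$AWK -F\) '{print $1}'`
# RUID is quoted so that an empty value (id failed, $AWK unset, ...) compares
# as "not root" and stops the script. Unquoted, the test collapses to
# `[ != "root" ]`, which is an error that `if` treats as false, so the
# privilege check would be silently skipped.
if [ "${RUID}" != "root" ];then
  $ECHO "You must be logged in as root to run root.sh."| $TEE -a $LOG
  $ECHO "Log in as root and restart root.sh execution."| $TEE -a $LOG
  exit 1
fi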


2,将dbhome、oraenv、coraenv复制到/usr/local/bin下:
# Directory that receives the helper scripts. When it is missing it is
# created and set to mode 755; each step's output is shown and appended to
# $LOG through tee.
LBIN="/usr/local/bin"
if test ! -d $LBIN
then
  $ECHO "Creating $LBIN directory..." | $TEE -a $LOG
  $MKDIR -p $LBIN 2>&1 | $TEE -a $LOG
  $CHMOD 755 $LBIN 2>&1 | $TEE -a $LOG
fi


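# Copy dbhome, oraenv and coraenv from $ORACLE_HOME/bin into $LBIN.
# SILENT, LOG, n, C and the $ECHO/$CP/$CHOWN/... command variables are set
# earlier in root.sh, outside this excerpt.
DBHOME=$ORACLE_HOME/bin/dbhome
ORAENV=$ORACLE_HOME/bin/oraenv
CORAENV=$ORACLE_HOME/bin/coraenv
FILES="$DBHOME $ORAENV $CORAENV"

for f in $FILES ; do
  if [ -f $f ] ; then
    # stderr of chmod/cp/chown ends up in the log: the "2>&1" is overridden
    # by the "2>>" that follows it.
    $CHMOD 755 $f  2>&1 2>> $LOG
    short_f=`$ECHO $f | $SED 's;.*/;;'`
    lbin_f=$LBIN/$short_f
    # Ask before replacing an existing copy unless running silently.
    if [ -f $lbin_f -a $SILENT -eq 0 ] ; then
      $ECHO $n "The file \"$short_f\" already exists in $LBIN.  Overwrite it? (y/n) $C"
      # read.sh is sourced from the Oracle home (so it runs as root here);
      # the answer is taken from RDVAR. It must be stored in OVERWRITE, the
      # name tested below; the listing assigned VERWRITE, so the answer was
      # never seen and nothing was copied.
      DEFLT='n'; . $ORACLE_HOME/install/utl/read.sh; OVERWRITE=$RDVAR
    else
      OVERWRITE='y';
    fi
    if [ "$OVERWRITE" = "y" -o "$OVERWRITE" = "Y" ] ; then
      $CP $f $LBIN  2>&1 2>>  $LOG
      # The copy in $LBIN is handed to $ORACLE_OWNER, so that account can
      # later edit a script sitting in a system-wide PATH directory. Review
      # who sources or runs these files with more privilege than that account.
      $CHOWN $ORACLE_OWNER $LBIN/`$ECHO $f | $AWK -F/ '{print $NF}'` 2>&1 2>> $LOG
      $ECHO "   Copying $short_f to $LBIN ..."
    fi
  fi
done
$ECHO ""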

 

3,/etc/oratab:
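#
# Make sure an oratab file exists on this system
#
# ORATAB, ORATABLOC, LOG and the command variables are defined earlier in
# root.sh, outside this excerpt.

if [ ! -s ${ORATAB} ];then
  $ECHO
  $ECHO "Creating ${ORATAB} file..."| $TEE -a $LOG
  if [ ! -d ${ORATABLOC} ];then
    $MKDIR -p ${ORATABLOC}
  fi

  # Here-document terminated by "!". The listing showed "$CAT <> ${ORATAB}":
  # the "<<! >>" operator pair was lost, which left the header text below as
  # plain shell comments and the closing "!" as a stray command. The
  # delimiter is unquoted, so "\$" writes a literal "$" into the file.
  $CAT <<! >> ${ORATAB}
#



# This file is used by ORACLE utilities.  It is created by root.sh
# and updated by the Database Configuration Assistant when creating
# a database.

# A colon, ':', is used as the field terminator.  A new line terminates
# the entry.  Lines beginning with a pound sign, '#', are comments.
#
# Entries are of the form.:
#   \$ORACLE_SID:\$ORACLE_HOME::
#
# The first and second fields are the system identifier and home
# directory of the database respectively.  The third filed indicates
# to the dbstart utility that the database should , "Y", or should not,
# "N", be brought up at system boot time.
#
# Multiple entries with the same \$ORACLE_SID are not allowed.
#
#
!

fi

# oratab ends up owned by $ORACLE_OWNER with mode 664: owner and group may
# write, everyone else may read. Anything that later acts on its entries is
# acting on data that account and its group can edit.
$CHOWN $ORACLE_OWNER ${ORATAB}
$CHMOD 664 ${ORATAB}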

#
# If there is an old entry with no sid and same oracle home,
# that entry will be marked as a comment.
#
# "^*:" matches a literal "*" in the SID field: in a basic regular expression
# a "*" directly after "^" is not a repetition operator.

FOUND_OLD=`$GREP "^*:${ORACLE_HOME}:" ${ORATAB}`
if [ -n "${FOUND_OLD}" ];then
  # "?" is the sed delimiter here, which avoids clashing with the "/"
  # characters in $ORACLE_HOME.
  # NOTE(review): TMPORATB is defined outside this excerpt. This runs as root;
  # if it names a fixed path in a world-writable directory, the redirect below
  # is a symlink-following risk - confirm it comes from mktemp or from a
  # directory only root can write.
  $SED -e "s?^*:$ORACLE_HOME:?# *:$ORACLE_HOME:?" $ORATAB > $TMPORATB
  # Writing back with "cat >" truncates the existing file instead of replacing
  # it, so oratab keeps its owner and mode.
  $CAT $TMPORATB > $ORATAB
  $RM -f $TMPORATB 2>/dev/null
fi

# The original header here reads "Add generic *:$ORACLE_HOME:N to oratab",
# but the statements shown only print a notice that entries are added later
# by the Database Configuration Assistant.
$ECHO "Entries will be added to the $ORATAB file as needed by" | $TEE -a $LOG
$ECHO "Database Configuration Assistant when a database is created" | $TEE -a $LOG

# Append the temporary oratab that DBCA keeps under the Oracle home.
# For ASM and RAC installs the file may not exist yet when root.sh runs,
# so it is appended only when present.
if test -f $ORACLE_HOME/install/oratab; then
  $CAT $ORACLE_HOME/install/oratab >> $ORATAB
fi


4,取消$ORACLE_HOME下所有文件的组写权限:
#
#
# Change mode to remove group write permission on Oracle home
#
# -R applies this to every file and directory under $ORACLE_HOME. The
# symbolic mode "g-w" clears only the group-write bit and leaves the other
# permission bits as they are.

$CHMOD -R g-w $ORACLE_HOME


5,部分可执行文件的特殊权限
# change owner and permissions of the remote operations executable
# Mode 6750 = setuid (4000) + setgid (2000) + rwxr-x---. With root as owner,
# nmo runs with root as its effective user for whoever may execute it, which
# with this mode is the owner and members of the file's group only.
# chown comes before chmod: changing the owner of an executable can clear its
# setuid/setgid bits, so the mode is applied last.
$CHOWN root $ORACLE_HOME/bin/nmo
$CHMOD 6750 $ORACLE_HOME/bin/nmo

# change owner and permissions of the program that does memory computations
# Same treatment as nmo: root-owned, setuid + setgid, no access for "other".
$CHOWN root $ORACLE_HOME/bin/nmb
$CHMOD 6750 $ORACLE_HOME/bin/nmb

# remove backup copies if they exist
# NOTE(review): presumably so that no stale copy of a privileged binary is
# left next to the current one - confirm.
if [ -f $ORACLE_HOME/bin/nmo.bak ]; then
  $RM $ORACLE_HOME/bin/nmo.bak
fi
if [ -f $ORACLE_HOME/bin/nmb.bak ]; then
  $RM $ORACLE_HOME/bin/nmb.bak
fi

# change permissions on emdctl and emagent
# 700: only the file owner may read, write or execute these two programs.
$CHMOD 700 $ORACLE_HOME/bin/emagent
$CHMOD 700 $ORACLE_HOME/bin/emdctl

验证:
[oracle@bnet95 bin]$ cd $ORACLE_HOME/bin

[oracle@bnet95 bin]$ find . -perm -4000
./nmb
./nmo
./emtgtctl2
./oradism
./extjob
./oracle
[oracle@bnet95 bin]$ find . -perm -2000
./nmb
./nmo
./emtgtctl2
./oradism
./extjob
./oracle
[oracle@bnet95 bin]$ find . -perm -1000
[oracle@bnet95 bin]$

[oracle@bnet95 bin]$ ls -lrt|grep "^...s"
-r-sr-s--- 1 root   oinstall        0 Jul  1  2005 oradism
-rwsr-sr-x 1 oracle oinstall 93362227 May 31  2010 oracle
-rwsr-s--- 1 root   oinstall    19320 May 31  2010 nmo
-rwsr-s--- 1 root   oinstall    18218 May 31  2010 nmb
-rwsr-sr-x 1 oracle oinstall    93038 May 31  2010 emtgtctl2
-r-sr-sr-x 1 nobody nobody      57420 May 31  2010 extjob

针对setuid的设置,nmo、nmb、oradism运行时使用root权限,extjob运行时使用nobody权限,oracle、emtgtctl2运行时使用oracle权限。从上面的权限位还可以看出:nmo、nmb、oradism对其他用户没有任何权限,只有属主和oinstall组的成员可以执行;oracle、emtgtctl2、extjob则对所有用户开放执行权限。

 

6,网络相关权限
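#
# Root Actions related to network
#
:
# /var/tmp/.oracle and /tmp/.oracle are created when missing, then made
# world-writable with the sticky bit (01777) and owned by root.
# /tmp and /var/tmp are normally writable by every local account, so the
# name may already exist before root.sh runs. chmod and chown follow symbolic
# links, so a link at either path is skipped with a warning instead of having
# its target made 01777 and root-owned. The check and the chmod are separate
# steps: this narrows the window but does not close it.
for ORADIR in /var/tmp/.oracle /tmp/.oracle
do
  if [ -h $ORADIR ]
  then
    $ECHO "WARNING: $ORADIR is a symbolic link; its mode and owner were not changed." >&2
    continue
  fi
  if [ ! -d $ORADIR ]
  then
    $MKDIR -p $ORADIR;
  fi

  $CHMOD 01777 $ORADIR
  $CHOWN root  $ORADIR
done

# oradism becomes root-owned with mode 06550: setuid + setgid, read/execute
# for owner and group, nothing for others. chown first and chmod last,
# because changing the owner of an executable can clear the setuid/setgid
# bits.
if [ -f $ORACLE_HOME/bin/oradism ]; then
        $CHOWN root $ORACLE_HOME/bin/oradism
        $CHMOD 06550 $ORACLE_HOME/bin/oradism
fi
# remove backup copy
if [ -f $ORACLE_HOME/bin/oradism.old ]; then
        $RM -f $ORACLE_HOME/bin/oradism.old
fi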

7,extjob权限
# extjob, when present, is handed to user and group "nobody" and then given
# mode 6555: setuid + setgid with read/execute for everyone, so it runs with
# nobody as effective user and group whoever starts it. Ownership is changed
# before the mode is set.
if test -f $ORACLE_HOME/bin/extjob
then
  $CHOWN nobody $ORACLE_HOME/bin/extjob
  $CHGRP nobody $ORACLE_HOME/bin/extjob
  $CHMOD 6555 $ORACLE_HOME/bin/extjob
fi

8,filemap相关:
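# The filemap binaries need to exist under /opt/ORCLfmap/prot1_X where
# X is either 32 for 32-bit Solaris machines and 64 for 64-bit Solaris
# machines.
#
# Other UNIX platforms will have to do something similar

# NOTE(review): whatever RM was set to earlier in root.sh (not visible here)
# is replaced by a bare command name, so any later $RM is looked up through
# the PATH of the root session - confirm that is intended.
RM=rm
ORCLFMAPLOC=/opt/ORCLfmap
FILEMAPLOC=$ORCLFMAPLOC/prot1_32 # needs to be prot1_64 for 64 bit platforms

# Create the directory tree one level at a time, parents first.
for FMAPDIR in $ORCLFMAPLOC $FILEMAPLOC $FILEMAPLOC/bin $FILEMAPLOC/etc $FILEMAPLOC/log
do
  if [ ! -d $FMAPDIR ];then
    $MKDIR $FMAPDIR
  fi
done

# The mode is set only after a successful copy. Otherwise a failed cp would
# leave chmod acting on whatever file already sits at the destination, and
# for fmputlhp that means granting the setuid bit to a file this run did not
# install.
if $CP $ORACLE_HOME/bin/fmputl $FILEMAPLOC/bin; then
  $CHMOD 550 $FILEMAPLOC/bin/fmputl
else
  $ECHO "WARNING: could not copy fmputl to $FILEMAPLOC/bin; its mode was not changed." >&2
fi
# 4555 = setuid + r-xr-xr-x. A newly created copy belongs to the user running
# root.sh; when that is root, fmputlhp is setuid-root and executable by every
# local user, so it belongs on the list of setuid files to audit.
if $CP $ORACLE_HOME/bin/fmputlhp $FILEMAPLOC/bin; then
  $CHMOD 4555 $FILEMAPLOC/bin/fmputlhp
else
  $ECHO "WARNING: could not copy fmputlhp to $FILEMAPLOC/bin; its mode was not changed." >&2
fi
# An existing filemap.ora is kept; the template is copied only when absent.
if [ ! -f $FILEMAPLOC/etc/filemap.ora ];then
  $CP $ORACLE_HOME/rdbms/install/filemap.ora $FILEMAPLOC/etc
fi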


 

来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/18922393/viewspace-749170/,如需转载,请注明出处,否则将追究法律责任。

转载于:http://blog.itpub.net/18922393/viewspace-749170/
