Oracle中的特殊权限设置
在安装ORACLE后,需要以root用户运行root.sh。root.sh都做了哪些操作呢?
版本:
[oracle@bnet95 ~]$ sqlplus / as sysdba
SQL*Plus: Release 10.2.0.1.0 - Production on Mon Sep 30 10:28:01 2013
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - Production
With the Partitioning, OLAP and Data Mining options
#
# Defaults written by the installer: the Oracle home this root.sh operates on
# and the OS account that owns the installation.
#
ORACLE_HOME="/u01/app/oracle/product/10.2.0/db_1"
ORACLE_OWNER="oracle"
1,确认当前用户为root用户
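# Step 1: abort unless root.sh is being run by root.
# The login name is cut out of the first "(...)" group printed by /usr/bin/id.
RUID=`/usr/bin/id | $AWK -F\( '{print $2}' | $AWK -F\) '{print $1}'`
# ${RUID} is quoted so the check fails closed: unquoted, an empty value turns
# the test into a syntax error, the `if` counts as false, and the script would
# carry on past the root check.
if [ "${RUID}" != "root" ]; then
  $ECHO "You must be logged in as root to run root.sh." | $TEE -a $LOG
  $ECHO "Log in as root and restart root.sh execution." | $TEE -a $LOG
  exit 1
fi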
2,将dbhome、oraenv、coraenv复制到/usr/local/bin下:
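# Step 2: install dbhome, oraenv and coraenv into /usr/local/bin.
# SILENT, n, C, LOG and the $ECHO/$CP/... tool variables are set outside this
# excerpt.
LBIN=/usr/local/bin
if [ ! -d "$LBIN" ]; then
  $ECHO "Creating ${LBIN} directory..." | $TEE -a $LOG
  $MKDIR -p "${LBIN}" 2>&1 | $TEE -a $LOG
  $CHMOD 755 "${LBIN}" 2>&1 | $TEE -a $LOG
fi

DBHOME=$ORACLE_HOME/bin/dbhome
ORAENV=$ORACLE_HOME/bin/oraenv
CORAENV=$ORACLE_HOME/bin/coraenv
FILES="$DBHOME $ORAENV $CORAENV"

# NOTE(review): the copies land in a directory that is normally on every
# user's PATH but are chowned to $ORACLE_OWNER, so that account can rewrite
# them afterwards. oraenv/coraenv are presumably sourced into the caller's
# shell; confirm whether root ever sources them on this host.
for f in $FILES; do
  if [ -f "$f" ]; then
    # "2>> $LOG" alone has the same effect as the original "2>&1 2>> $LOG":
    # stderr goes to the log, stdout is left where it was.
    $CHMOD 755 "$f" 2>> $LOG
    short_f=`$ECHO "$f" | $SED 's;.*/;;'`
    lbin_f=$LBIN/$short_f
    if [ -f "$lbin_f" -a $SILENT -eq 0 ]; then
      # Interactive run and the target already exists: ask first (default 'n').
      $ECHO $n "The file \"$short_f\" already exists in $LBIN. Overwrite it? (y/n) $C"
      # The answer must be stored in OVERWRITE, the name tested below; the
      # listing as published assigned VERWRITE, which the test never reads.
      DEFLT='n'; . $ORACLE_HOME/install/utl/read.sh; OVERWRITE=$RDVAR
    else
      OVERWRITE='y'
    fi
    if [ "$OVERWRITE" = "y" -o "$OVERWRITE" = "Y" ]; then
      $CP "$f" "$LBIN" 2>> $LOG
      # $lbin_f is the same path the original rebuilt with awk ($LBIN/<basename>).
      $CHOWN $ORACLE_OWNER "$lbin_f" 2>> $LOG
      $ECHO " Copying $short_f to $LBIN ..."
    fi
  fi
done
$ECHO ""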
3,/etc/oratab:
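#
# Step 3: make sure an oratab file exists on this system.
# ORATAB and ORATABLOC are set outside this excerpt.
#
if [ ! -s "${ORATAB}" ]; then
  $ECHO
  $ECHO "Creating ${ORATAB} file..." | $TEE -a $LOG
  if [ ! -d "${ORATABLOC}" ]; then
    $MKDIR -p "${ORATABLOC}"
  fi
  # The header is appended through a here-document that ends at the lone "!"
  # line. The delimiter is unquoted, which is why the dollar signs in the text
  # are escaped. The published listing showed only "<>" here and an empty third
  # field in the entry format; both look like markup stripped from the page, so
  # the operator and the <N|Y> placeholder (matching the "Y"/"N" description in
  # the text) are written out.
  $CAT <<! >> "${ORATAB}"
#
# This file is used by ORACLE utilities. It is created by root.sh
# and updated by the Database Configuration Assistant when creating
# a database.
# A colon, ':', is used as the field terminator. A new line terminates
# the entry. Lines beginning with a pound sign, '#', are comments.
#
# Entries are of the form.:
# \$ORACLE_SID:\$ORACLE_HOME:<N|Y>:
#
# The first and second fields are the system identifier and home
# directory of the database respectively. The third filed indicates
# to the dbstart utility that the database should , "Y", or should not,
# "N", be brought up at system boot time.
#
# Multiple entries with the same \$ORACLE_SID are not allowed.
#
#
!
fi
# NOTE(review): oratab ends up writable by $ORACLE_OWNER and by its group
# (mode 664). The header above says dbstart reads it to decide what is brought
# up at boot, so whatever runs dbstart is trusting every account that can
# write this file; confirm that matches the host's startup scripts.
$CHOWN $ORACLE_OWNER "${ORATAB}"
$CHMOD 664 "${ORATAB}"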
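#
# An old entry whose SID field is a literal "*" and whose home is this same
# Oracle home is turned into a comment rather than deleted.
# ORACLE_HOME is pasted into the grep/sed patterns as pattern text, so a "." in
# the path matches any character there.
#
FOUND_OLD=`$GREP "^*:${ORACLE_HOME}:" "${ORATAB}"`
if [ -n "${FOUND_OLD}" ]; then
  # NOTE(review): TMPORATB is assigned outside this excerpt. Root writes to it
  # through a redirection, so confirm it is not a fixed name in a
  # world-writable directory.
  # oratab is overwritten only when sed succeeded; otherwise an empty or partial
  # temporary file would truncate it. Writing with "cat >" keeps the existing
  # file, and with it the owner and mode set earlier.
  $SED -e "s?^*:$ORACLE_HOME:?# *:$ORACLE_HOME:?" "$ORATAB" > "$TMPORATB" &&
    $CAT "$TMPORATB" > "$ORATAB"
  $RM -f "$TMPORATB" 2>/dev/null
fi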
#
# Tell the operator, on screen and in $LOG, that oratab entries are added
# later by the Database Configuration Assistant. These two lines write nothing
# to oratab themselves.
#
$ECHO "Entries will be added to the ${ORATAB} file as needed by" | $TEE -a $LOG
$ECHO "Database Configuration Assistant when a database is created" | $TEE -a $LOG

#
# Append DBCA's temporary oratab entries, kept under the Oracle home, to the
# system oratab. For ASM and RAC installs that file has not been created yet
# when root.sh runs, hence the existence test before the append.
#
if test -f $ORACLE_HOME/install/oratab; then
  $CAT $ORACLE_HOME/install/oratab >> $ORATAB
fi
4,取消$ORACLE_HOME下文件组的写权限:
#
# Step 4: recursively remove the group write bit from everything under the
# Oracle home.
# NOTE(review): only the group bit is dropped; the owner's write access is
# untouched, so the set-id binaries configured in the later steps sit in a
# tree that $ORACLE_OWNER can presumably still modify. Confirm the ownership
# of $ORACLE_HOME/bin.
#
$CHMOD -R g-w $ORACLE_HOME
5,部分可执行文件的特殊权限
# Step 5: nmo, the remote operations executable, is handed to root and made
# set-uid + set-gid. Mode 6750 is rwsr-s---: owner and group may run it,
# "other" has no access.
# NOTE(review): chown is issued before chmod; some systems clear set-id bits
# on chown, so the order presumably matters and should be kept.
$CHOWN root $ORACLE_HOME/bin/nmo
$CHMOD 6750 $ORACLE_HOME/bin/nmo
# nmb, the program that does memory computations, gets the same owner and mode.
$CHOWN root $ORACLE_HOME/bin/nmb
$CHMOD 6750 $ORACLE_HOME/bin/nmb
# NOTE(review): neither file is checked before it becomes set-uid root;
# whatever is at these paths when root.sh runs receives the bit. Compare the
# binaries with the installation media before running the script.
# remove backup copies if they exist
if [ -f $ORACLE_HOME/bin/nmo.bak ]; then
$RM $ORACLE_HOME/bin/nmo.bak
fi
if [ -f $ORACLE_HOME/bin/nmb.bak ]; then
$RM $ORACLE_HOME/bin/nmb.bak
fi
# emagent and emdctl become owner-only (700): no group or other access.
$CHMOD 700 $ORACLE_HOME/bin/emagent
$CHMOD 700 $ORACLE_HOME/bin/emdctl
验证:
[oracle@bnet95 bin]$ cd $ORACLE_HOME/bin
[oracle@bnet95 bin]$ find . -perm -4000
./nmb
./nmo
./emtgtctl2
./oradism
./extjob
./oracle
[oracle@bnet95 bin]$ find . -perm -2000
./nmb
./nmo
./emtgtctl2
./oradism
./extjob
./oracle
[oracle@bnet95 bin]$ find . -perm -1000
[oracle@bnet95 bin]$
[oracle@bnet95 bin]$ ls -lrt|grep "^...s"
-r-sr-s--- 1 root oinstall 0 Jul 1 2005 oradism
-rwsr-sr-x 1 oracle oinstall 93362227 May 31 2010 oracle
-rwsr-s--- 1 root oinstall 19320 May 31 2010 nmo
-rwsr-s--- 1 root oinstall 18218 May 31 2010 nmb
-rwsr-sr-x 1 oracle oinstall 93038 May 31 2010 emtgtctl2
-r-sr-sr-x 1 nobody nobody 57420 May 31 2010 extjob
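针对setuid的设置,nmo、nmb、oradism运行时使用root权限,extjob运行时使用nobody权限,oracle、emtgtctl2运行时使用oracle权限。从上面的ls输出还可以看到,这些文件同时设置了setgid位;nmo、nmb、oradism对其他用户没有任何权限,只有root和oinstall组的成员可以执行,而oracle、emtgtctl2、extjob对所有用户都可执行。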
6,网络相关权限
#
# Step 6: root actions related to the network.
#
:
# The hidden .oracle directories under /var/tmp and /tmp get identical
# treatment: create when missing, then force mode 01777 (world-writable with
# the sticky bit) and owner root.
# NOTE(review): /tmp and /var/tmp are normally writable by every local user,
# and the -d test, chmod and chown all follow symbolic links. On a multi-user
# host confirm each path is a real directory before root.sh is run.
for ora_tmpdir in /var/tmp/.oracle /tmp/.oracle; do
  if [ ! -d $ora_tmpdir ]; then
    $MKDIR -p $ora_tmpdir
  fi
  $CHMOD 01777 $ora_tmpdir
  $CHOWN root $ora_tmpdir
done
# oradism, when present, is given to root with mode 06550 (r-sr-s---): set-uid
# and set-gid, read/execute for owner and group, nothing for "other", and not
# writable by anyone.
# NOTE(review): the chown runs before the chmod; presumably deliberate, since a
# chown can clear set-id bits on some systems. Keep the order.
if [ -f $ORACLE_HOME/bin/oradism ]; then
$CHOWN root $ORACLE_HOME/bin/oradism
$CHMOD 06550 $ORACLE_HOME/bin/oradism
fi
# remove backup copy
if [ -f $ORACLE_HOME/bin/oradism.old ]; then
$RM -f $ORACLE_HOME/bin/oradism.old
fi
7,extjob权限
# Step 7: extjob, when present, is owned by user nobody and group nobody and
# made set-uid + set-gid with mode 6555 (r-sr-sr-x). Any local user can execute
# it, and it then runs with nobody's user and group IDs rather than the
# caller's.
if [ -f $ORACLE_HOME/bin/extjob ]; then
$CHOWN nobody $ORACLE_HOME/bin/extjob
$CHGRP nobody $ORACLE_HOME/bin/extjob
$CHMOD 6555 $ORACLE_HOME/bin/extjob
fi
8,filemap相关:
# Step 8: filemap binaries.
# They have to live under /opt/ORCLfmap/prot1_X, where X is 32 on 32-bit
# Solaris machines and 64 on 64-bit Solaris machines; other UNIX platforms
# need an equivalent layout.
RM=rm
ORCLFMAPLOC=/opt/ORCLfmap
FILEMAPLOC=$ORCLFMAPLOC/prot1_32 # needs to be prot1_64 for 64 bit platforms

# Build the tree top-down, one level per mkdir (no -p), skipping any level
# that already exists.
for fmap_dir in $ORCLFMAPLOC $FILEMAPLOC $FILEMAPLOC/bin $FILEMAPLOC/etc $FILEMAPLOC/log; do
  if [ ! -d $fmap_dir ]; then
    $MKDIR $fmap_dir
  fi
done

$CP $ORACLE_HOME/bin/fmputl $FILEMAPLOC/bin
$CP $ORACLE_HOME/bin/fmputlhp $FILEMAPLOC/bin
# fmputl: 550 = r-xr-x---. fmputlhp: 4555 = r-sr-xr-x, set-uid and executable
# by everyone.
# NOTE(review): no chown is issued here, so the owner is whatever the copy
# leaves. That is presumably root, since root.sh runs as root, which makes
# fmputlhp set-uid root. It also lives outside $ORACLE_HOME/bin, so a set-id
# inventory limited to that directory will not list it.
$CHMOD 550 $FILEMAPLOC/bin/fmputl
$CHMOD 4555 $FILEMAPLOC/bin/fmputlhp

# An existing filemap.ora is left alone; only a missing one is seeded from the
# Oracle home.
if [ ! -f $FILEMAPLOC/etc/filemap.ora ]; then
  $CP $ORACLE_HOME/rdbms/install/filemap.ora $FILEMAPLOC/etc
fi
来自 “ ITPUB博客 ” ,链接:http://blog.itpub.net/18922393/viewspace-749170/,如需转载,请注明出处,否则将追究法律责任。
转载于:http://blog.itpub.net/18922393/viewspace-749170/