Re: CRS/RAC external-procedure handling

From: Greg Norris <>
Date: Fri, 22 Feb 2008 13:06:12 -0600
Message-ID: <>

For anyone who's curious, I was indeed able to convince CRS to run our extproc listener as a restricted (non-DBA) user. The steps were actually fairly simple, although I took a number of detours along the way.

  1. Create the listener in the usual manner via *netca*, and ensure that it's shut down.
  2. Convince your friendly neighborhood SysAdmin to run the following commands, which set the CRS ownership/permissions for the listener resource, as root. The specific resource name can be determined using the *crs_stat* utility... in my case it was *ora.dkds0602.LISTENER_EXTPROC_DKDS0602.lsnr*.

     $ crs_setperm RESOURCE -o USER
     $ crs_setperm RESOURCE -g GROUP
     $ crs_setperm RESOURCE -u user:oracle:r-x

Once this is done, it's a straightforward matter of ensuring that the relevant file and directory permissions are set correctly (listener.ora, log/trace directories, external procedure libraries, etc.), after which the listener can be started normally via the *srvctl* command.

My thanx to Dan Norris for pointing me in the right direction!

On Thu, Feb 7, 2008 at 8:44 PM, Greg Norris <> wrote:

> We're planning to migrate an existing application which requires an
> external procedure into a recently-created RAC environment on
> Solaris 10. At this point we've created a separate IPC-only listener on
> each node to handle extproc calls, and have validated that it allows us to
> invoke the procedure successfully.
> The next thing we'd like to do is get the extproc listener running as a
> limited OS user, rather than under the oracle account. Can anyone tell me
> if this is possible when the listener is managed through CRS? We don't mind
> writing a few scripts, if necessary, but would prefer not to duplicate the
> CRS monitoring/restart infrastructure.
> My apologies if this is rather basic... I'll happily accept a pointer to
> the FM to R. :) We're still a bit new to the whole CRS/RAC environment, and
> it's entirely possible that I simply don't know where to look.
> Thanx!

"I'm too sexy for my code." - Awk Sed Fred.

Received on Fri Feb 22 2008 - 13:06:12 CST
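
The file and directory permission step mentioned in the message above, sketched as an added example that is not part of the original post or of Oracle's tooling. The function names and the policy are assumptions: the restricted account may read but not modify listener.ora and the external procedure libraries, and may write to the log/trace directories; only mode bits are evaluated, not ACLs.

```sh
#!/bin/sh
# Added example, not from the original post: report what a restricted listener
# account may do with listener.ora, the log/trace directories and the extproc
# libraries, judged from mode bits only (ACLs are not evaluated).

# triplet_for UID "GID GID ..." PATH -> prints the rwx triplet that applies
triplet_for() {
    read -r t_mode t_uid t_gid <<EOF
$(ls -ldn "$3" 2>/dev/null | awk '{print $1, $3, $4}')
EOF
    [ -n "$t_gid" ] || return 2                      # path missing or unreadable
    if [ "$1" = "$t_uid" ]; then t_cols=2-4          # owner bits
    else case " $2 " in
            *" $t_gid "*) t_cols=5-7 ;;              # group bits
            *)            t_cols=8-10 ;;             # other bits
         esac
    fi
    printf '%s\n' "$t_mode" | cut -c"$t_cols"
}

# verdict KIND TRIPLET -> 0 if the triplet matches the assumed policy
verdict() {
    case "$1" in
        config|lib) v_want='r-?' ;;       # read, but never modify
        logdir)     v_want='rw[xst]' ;;   # create and append log/trace files
        *) return 2 ;;
    esac
    case "$2" in $v_want) return 0 ;; *) return 1 ;; esac
}

# audit_path USER KIND PATH -> prints one verdict line, returns 0 on OK
# e.g. audit_path extusr config /path/to/listener.ora   (placeholder names)
audit_path() {
    a_uid=$(id -u "$1" 2>/dev/null) && a_gids=$(id -G "$1" 2>/dev/null) || return 2
    a_trip=$(triplet_for "$a_uid" "$a_gids" "$3") || { echo "ERROR $3"; return 2; }
    if verdict "$2" "$a_trip"; then echo "OK   $2 $3 ($a_trip)"
    else echo "FAIL $2 $3 ($a_trip)"; return 1
    fi
}
```

A FAIL on a config or lib path owned by the restricted account itself means the account could rewrite what it loads; under the assumed policy those files stay owned by another account such as oracle.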
