Re: Permission Denied
Date: Wed, 26 Aug 2015 15:04:34 -0400
Message-ID: <CABUxq=cgknVTTA5PSVLLv_bttYASBz_NS-2UmRXpX8FAFOyAmA_at_mail.gmail.com>
Thanks for your work on this. We appreciate it!
Carol
On Wed, Aug 26, 2015 at 3:00 PM, Peter Sharman <pete.sharman_at_oracle.com> wrote:
> Andy and I went a few rounds offline on this and the associated “Cloud
> Control patching” thread, and you’ll be pleased to know that Andy won. J
>
>
>
> Seriously, just circling back with the resolution here. The problem was
> Andy was using a named credential that had the normal user set to the
> Oracle software owner (which is of course correct) but also had RUNAS set
> to root. The end result of that was that OPatch was installed under the
> Oracle software home as root, not as oracle, and as we all know that will
> break shit. L
>
>
>
> I spoke to some of my patching colleagues in Product Management and they
> said it is actually documented somewhere that you should not have RUNAS set
> like this. I didn’t bother searching for that particular documentation as
> both myself and the relevant product manager agreed the product should not
> work that way. It should at least provide an error that you should not
> have RUNAS set, and more preferably should install OPatch as the Oracle
> software owner as that information is already specified in the named
> credential.
>
>
>
> This has been logged as bug# 21699304.
>
>
>
> Pete
>
> [image: Oracle logo]
>
> Pete Sharman
> Database Architect, DBaaS / DBLM
> Enterprise Manager Product Suite
> 33 Benson Crescent CALWELL ACT 2905 AUSTRALIA
>
> Phone: +61262924095 | | Fax: +61262925183 | | Mobile: *+61414443449
> <%2B61414443449>*
> Email: pete.sharman_at_oracle.com Twitter: _at_SharmanPete LinkedIn:
> au.linkedin.com/in/petesharman
> Website: petewhodidnottweet.com
> ------------------------------
>
> "Controlling developers is like herding cats."
>
> Kevin Loney, Oracle DBA Handbook
>
>
>
> "Oh no, it's not, it's much harder than that!"
>
> Bruce Pihlamae, long term Oracle DBA
> ------------------------------
>
>
>
> *From:* Andrew Kerber [mailto:andrew.kerber_at_gmail.com]
> *Sent:* Wednesday, August 26, 2015 10:47 PM
> *To:* Seth Miller <sethmiller.sm_at_gmail.com>
> *Cc:* Peter Sharman <pete.sharman_at_oracle.com>; Oracle-L Freelists <
> oracle-l_at_freelists.org>
> *Subject:* Re: Permission Denied
>
>
>
> No. I was able to get by the problem, it appears to be related to using
> the same credential set for both privileged and normal access from cloud
> control.
>
> Sent from my iPad
>
>
> On Aug 25, 2015, at 7:56 PM, Seth Miller <sethmiller.sm_at_gmail.com> wrote:
>
> Is this ebiz by any chance?
>
> Seth Miller
>
> On Aug 25, 2015 3:24 PM, "Peter Sharman" <pete.sharman_at_oracle.com> wrote:
>
> Sorry, been stuck in concall hell this morning.
>
> If it's using root, you must have provided it with that as a credential.
> Have you tried providing the oracle account instead?
>
> Send me the steps you've been doing offline and I'll see if I can
> reproduce it. I presume this is 12.1.0.5 but please correct me if not. I
> only have that version to test with.
>
> Pete
>
> Pete Sharman
> Database Architect, DBaaS / DBLM
> Enterprise Manager Product Suite
> 33 Benson Crescent CALWELL ACT 2905 AUSTRALIA
> Phone: +61262924095 | | Fax: +61262925183 | | Mobile: +61414443449
> Email: pete.sharman_at_oracle.com Twitter: _at_SharmanPete LinkedIn:
> au.linkedin.com/in/petesharman
> Website: petewhodidnottweet.com
>
> "Controlling developers is like herding cats."
> Kevin Loney, Oracle DBA Handbook
>
> "Oh no, it's not, it's much harder than that!"
> Bruce Pihlamae, long term Oracle DBA
>
>
> -----Original Message-----
> From: Andrew Kerber [mailto:andrew.kerber_at_gmail.com]
> Sent: Wednesday, August 26, 2015 5:32 AM
> To: ORACLE-L <Oracle-L_at_freelists.org>
> Subject: Re: Permission Denied
>
> Ok. I have been working this further, and it appears that OEM is logged
> in as root and attempting a local connection to the database (not using
> TNS) to check the status. Is this a bug? Any thoughts?
>
> Sent from my iPad
>
> > On Aug 25, 2015, at 12:03 PM, Andrew Kerber <andrew.kerber_at_gmail.com>
> wrote:
> >
> >
> > Ok, this is driving me nuts. I am getting the output below from oem
> cloud control when I run the analyze piece of the patch plan.
> > And I cannot figure out what is causing it. I can ssh to the database
> > server from my cloud control server, I can ping it, tnsping it, and
> > run sqlplus using sqlnet to connect to the target database. But every
> time I analyze the patch plan from cloud control I get the error below.
> Normally this would be a firewall or hosts.allow issue, but I dont have any
> problems when I run the commands from the OMS server a the OS level. Any
> ideas?
> >
> >
> > Tue Aug 25 11:47:22 2015 - Finding the current state of the database
> [/apps/orabase/product/12.1.0.2/dbhome_1 (OH), mytest (SID)] ...
> >
> > Tue Aug 25 11:47:22 2015 - onWindows =>, isRunning => 1
> >
> > Tue Aug 25 11:47:22 2015 -
> > SQL*Plus: Release 12.1.0.2.0 Production on Tue Aug 25 11:47:22 2015
> > Copyright (c) 1982, 2014, Oracle. All rights reserved.
> > SQL> SQL> ERROR:
> > ORA-12546: TNS:permission denied
> >
> >
> > Sent from my iPad
> --
> http://www.freelists.org/webpage/oracle-l
>
>
> --
> http://www.freelists.org/webpage/oracle-l
>
>
-- http://www.freelists.org/webpage/oracle-lReceived on Wed Aug 26 2015 - 21:04:34 CEST