Re: Install & configure Grid Infrastructure /ASM

From: Sandra Becker <sbecker6925_at_gmail.com>
Date: Tue, 24 Nov 2015 07:57:14 -0700
Message-ID: <CAJzM94DYTKcM+73N+0QtV03ZvNPL82w=VY1mdtou5XeU8CjubA_at_mail.gmail.com>



Thank you for your responses. I delved a little deeper and the Oracle docs say to make sure oracle is the owner during the install. When you run root.sh, it changes the ownership and permissions. Also found that in our environment, the oracle user is not allowed to create sub-directories under certain directories. I've got the correct commands and understand why they should be that way in my documentation now.

Sandy

On Tue, Nov 24, 2015 at 6:46 AM, Jeremy Schneider <jeremy.schneider_at_ardentperf.com> wrote:

> Grid Infrastructure has this (poorly-documented) concept called
> "locking" the home, which - perhaps among other things - means
> changing the ownership to root and permissions to 755.
>
> My guess on one reason is security; unlike the DB home, GI has
> binaries that are executed by root. I think that if any directories
> can be changed by a non-root user then that non-root user could rename
> the directories and substitute their own trojan binary which would be
> launched as the root user giving them complete access on the system.
> Thus it would be very insecure if any directories in the path up to
> the root-executed binaries are not "locked" and non-root users can
> modify them.
>
> The "reason" above is my own guess, but you can find some actual
> documentation about basics of locking and unlocking grid homes here:
>
> https://docs.oracle.com/cd/E11882_01/rac.112/e17264/softpatch2.htm#TDPRC605
>
> As Andrew said though, the directories are definitely not required to
> be created by root. In fact you *need* to change the ownership back
> to grid/oracle before installing, patching, etc. Now -- if you're
> creating "/u01" then you'll probably need to be root initially since
> [hopefully] non-root users don't have write access in the /
> directory!! But the root user can change the ownership of this
> directory to grid/oracle then you can proceed as the non-root user
> from there.
>
> Follow the Oracle docs closely and you should be fine. You should not
> have to mess around directly with ownership as long as everything was
> set up correctly to start.
>
> -Jeremy
>
> --
> http://about.me/jeremy_schneider
>
>
> On Mon, Nov 23, 2015 at 11:33 AM, Sandra Becker <sbecker6925_at_gmail.com> wrote:
> > Oracle EE, versions 11.2.0.4 and 12.1.0.2
> >
> > I am testing and documenting the installation of 11.2.0.4 Grid
> > Infrastructure / ASM and then upgrading it to 12.1.0.2. Another DBA on the
> > team gave me instructions he used last year to upgrade from 11.2.0.2 to
> > 11.2.0.4 as a starting point. I've had to make several changes for the 12c
> > upgrade, which I expected.
> >
> > Question 1: His document says the grid home directory must be created by
> > the root user and the group changed to dba (they don't use oinstall here)
> > and the permissions should be 775. Is this correct? I'm new to Grid/ASM so
> > I'm not sure.
> >
> > Question 2: Assuming the directory should be owned by root, why would that
> > be the case rather than owned by the oracle user?
> >
> > I appreciate any direction you can provide me.
> >
> > --
> > Sandy B.
> >
>

-- 
Sandy B.

--
http://www.freelists.org/webpage/oracle-l
Received on Tue Nov 24 2015 - 15:57:14 CET
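
The check implied by the "locking" rationale quoted in this thread, as an added example that is not part of the original messages or any Oracle tooling: it walks every directory from a base down to a root-executed binary and reports any component that is not owned by a trusted uid or is group/other writable. The function name `audit_path`, its parameters and the default trusted uid 0 are assumptions made for illustration.

```python
import os
import stat


def audit_path(target, trusted_uids=(0,), base="/"):
    """Return (path, reason) for each component from base down to target
    that an untrusted user could modify or replace."""
    # Resolve symlinks first so the chain reflects what would really be executed.
    target = os.path.realpath(target)
    base = os.path.realpath(base)
    if os.path.commonpath([base, target]) != base:
        raise ValueError(f"{target} is not under {base}")

    # Build the chain base, base/a, base/a/b, ..., target.
    chain = [base]
    rel = os.path.relpath(target, base)
    if rel != ".":
        for part in rel.split(os.sep):
            chain.append(os.path.join(chain[-1], part))

    findings = []
    for path in chain:
        st = os.stat(path)
        # An untrusted owner can chmod, rename or replace what is inside.
        if st.st_uid not in trusted_uids:
            findings.append((path, f"owned by uid {st.st_uid}"))
        # Group or other write access allows the same without ownership.
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            findings.append((path, f"group/other writable, mode {mode:o}"))
    return findings


if __name__ == "__main__":
    import sys
    # Usage: python audit_path.py /path/to/root-executed/binary
    for path, reason in audit_path(sys.argv[1]):
        print(f"UNLOCKED {path}: {reason}")
```

An empty result means every component is owned by a trusted uid and writable only by its owner, which is the state the thread describes for a locked home (root, 755).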
