09-28-2006 04:03 AM
Question on 'setuid' when starting up Oracle instance as a member of OS dba group
I'm an Oracle DBA who recently switched from Solaris/Linux to HP-UX. I'd appreciate some help from this forum in explaining how 'setuid' for the oracle binary works differently on HP-UX when different DBA members start up the database using their own unix accounts. I did not see any problem before with Solaris/Linux.
Both the OS 'oracle' user and our DBAs are in the OS dba group. The OS 'oracle' user is the oracle binary owner. With 'setuid/setgid' set on the oracle binary ($ORACLE_HOME/bin/oracle), Oracle allows the specific users (that are in the OS dba group) to connect to the db as SYSOPER/SYSDBA and to perform STARTUP/SHUTDOWN of the db without switching to the OS user 'oracle'.
>ls -l $ORACLE_HOME/bin/oracle
-rwsr-s--x 1 oracle dba 38524376 Oct 16 2005 /opt/oracle/product/ora8174_64/bin/oracle
>more /etc/group | grep dba
dba::203:oracle,dbauser2,dbauser3,dbauser1,oraapp2
>more /etc/passwd | grep oracle
oracle:x:301:203::/home/oracle:/usr/bin/ksh
>more /etc/passwd | grep dbauser1
dbauser1:x:24037:203::/home/dba/dbauser1:/usr/bin/ksh
My question is that, when a dba user starts up the oracle instance as himself, the oracle processes are supposed to be owned by the oracle binary owner 'oracle' (seen on Solaris/Linux); while on HP-UX 11.23 now, we noticed that the db starter (i.e. dbauser1 in this case) appears to be the owner of those processes.
>id
uid=24037(dbauser1) gid=203(dba)
SQL> !ps -efa | grep dbauser1
dbauser1 25590 1 0 Sep 24 ? 7:50 ora_dbw0_ORCL
dbauser1 12214 1 0 Sep 24 ? 7:09 ora_arc1_ORCL
dbauser1 25604 1 0 Sep 24 ? 0:00 ora_reco_ORCL
dbauser1 25594 1 0 Sep 24 ? 7:49 ora_dbw2_ORCL
dbauser1 25602 1 0 Sep 24 ? 0:53 ora_smon_ORCL
dbauser1 25592 1 0 Sep 24 ? 7:48 ora_dbw1_ORCL
dbauser1 4134 4131 0 10:16:43 pts/te 0:00 -ksh
dbauser1 25606 1 0 Sep 24 ? 77:47 ora_snp0_ORCL
dbauser1 6693 4134 0 10:20:13 pts/te 0:00 sqlplus / as sysdba
dbauser1 25588 1 0 Sep 24 ? 0:50 ora_pmon_ORCL
dbauser1 25598 1 0 Sep 24 ? 59:09 ora_lgwr_ORCL
dbauser1 6736 6735 8 10:20:39 pts/te 0:00 ps -efa
dbauser1 25596 1 0 Sep 24 ? 7:52 ora_dbw3_ORCL
dbauser1 6735 6693 0 10:20:39 pts/te 0:00 grep dbauser1
dbauser1 6697 1 0 10:20:13 ? 0:00 oracleORCL (DESCRIPTION=(LOCAL=YES)(ADDRESS=(PROTOCOL=beq)))
dbauser1 25600 1 0 Sep 24 ? 1:58 ora_ckpt_ORCL
dbauser1 25608 1 0 Sep 24 ? 9:13 ora_arc0_ORCL
This may be good for showing the real userid on HP-UX, but it seems confusing because we may wonder if it's safe to have an individual own the oracle processes.
I checked the file /etc/mnttab on the server and did not see the 'nosuid' option set for '/dev/vgsw01/lvol17', which is used by the oracle binary.
>more /etc/mnttab | grep /opt/oracle/product/ora8
......
/dev/vgsw01/lvol17 /opt/oracle/product/ora8174_64 vxfs ioerror=mwdisable,delaylog,dev=40120011 0 0 1156705448
/dev/vgsw01/lvol16 /opt/oracle/product/ora816_64 vxfs ioerror=mwdisable,delaylog,dev=40120010 0 0 1156705448
......
-hosts /net autofs ignore,indirect,nosuid,soft,nobrowse,dev=60000000 0 0 1156705509
/etc/auto.direct /opt/pvcs autofs ignore,direct,dev=60000001 0 0 1156705509
......
Moreover, there's no error message or trace file generated, and the newly generated database files all belong to the 'oracle' user. The only question is the ownership of the background processes.
So we wonder if this is something unique/different with the OS (HP-UX) or if there's still something wrong?
Thanks in advance!
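Added example, not part of the original post: a small POSIX shell sketch of the set-ID rules behind the checks above, showing which real and effective IDs a process gets after exec of a binary with a given `ls -l` mode, owner, group and mount options. The function names `has_nosuid` and `exec_ids` are hypothetical; the sample values are the ones shown in the post.

```shell
#!/bin/sh
# Added illustration (not the poster's code). Function names are hypothetical.
# Real IDs always stay those of the caller; set-ID bits change only the
# effective IDs, and only when the filesystem is not mounted nosuid.
# New files are created under the effective UID, which is why data files can
# belong to the binary owner while the real UID remains the person who ran it.

# has_nosuid OPTIONS: succeeds if the comma-separated mount options
# (4th field of an mnttab/mtab line) contain the nosuid option.
has_nosuid() {
    case ",$1," in
        *,nosuid,*) return 0 ;;
        *) return 1 ;;
    esac
}

# exec_ids MODE OWNER GROUP CALLER CALLER_GROUP MOUNT_OPTS
# MODE is the 10-character permission string printed by ls -l.
exec_ids() {
    mode=$1 owner=$2 group=$3 caller=$4 cgroup=$5 opts=$6
    euid=$caller
    egid=$cgroup
    if ! has_nosuid "$opts"; then
        u=$(printf '%s' "$mode" | cut -c4)   # owner execute slot
        g=$(printf '%s' "$mode" | cut -c7)   # group execute slot
        # s or S in the owner slot: set-user-ID bit is on
        case $u in s|S) euid=$owner ;; esac
        # lowercase s in the group slot: set-group-ID plus group execute.
        # (Linux treats set-group-ID without group execute as a locking
        # flag, not an ID change; assumed here for other systems too.)
        case $g in s) egid=$group ;; esac
    fi
    printf 'ruid=%s euid=%s rgid=%s egid=%s\n' "$caller" "$euid" "$cgroup" "$egid"
}

# Values from the post: binary mode/owner/group, caller dbauser1 (group dba),
# and the mount options of /dev/vgsw01/lvol17.
exec_ids -rwsr-s--x oracle dba dbauser1 dba \
    'ioerror=mwdisable,delaylog,dev=40120011'

# Same binary as if it lived on a nosuid mount (options of the /net entry).
exec_ids -rwsr-s--x oracle dba dbauser1 dba \
    'ignore,indirect,nosuid,soft,nobrowse,dev=60000000'
```

A process listing that reports the real user and one that reports the effective user will name different owners for the first case, so it helps to check which of the two a given `ps` column shows before drawing conclusions from it.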