HPE Community
Operating System - HP-UX
1832617 Members
2497 Online
110043 Solutions
New Discussion

Re: su problem

 
Sridhar R
Regular Advisor

‎05-26-2008 08:29 PM

‎05-26-2008 08:29 PM

su problem

Hi,

My problem is:

The syslog.log file is generating this message on a continuous basis.


May 27 02:14:39 bidrdev1 su: + tty?? root-oracle
May 27 02:14:41 bidrdev1 above message repeats 238 times
May 27 02:14:45 bidrdev1 su: + tty?? root-oracle
May 27 02:34:37 bidrdev1 su: + tty?? root-oracle
May 27 02:34:41 bidrdev1 above message repeats 237 times
May 27 02:34:42 bidrdev1 su: + tty?? root-oracle
May 27 02:54:40 bidrdev1 su: + tty?? root-oracle
May 27 02:54:41 bidrdev1 above message repeats 238 times
May 27 02:54:45 bidrdev1 su: + tty?? root-oracle
May 27 03:14:37 bidrdev1 su: + tty?? root-oracle
May 27 03:14:41 bidrdev1 above message repeats 237 times
May 27 03:14:42 bidrdev1 su: + tty?? root-oracle
May 27 03:34:40 bidrdev1 su: + tty?? root-oracle
May 27 03:34:41 bidrdev1 above message repeats 238 times
May 27 03:34:45 bidrdev1 su: + tty?? root-oracle
May 27 03:54:38 bidrdev1 su: + tty?? root-oracle
May 27 03:54:41 bidrdev1 above message repeats 237 times
May 27 03:54:43 bidrdev1 su: + tty?? root-oracle
May 27 04:14:37 bidrdev1 su: + tty?? root-oracle
May 27 04:14:41 bidrdev1 above message repeats 237 times
May 27 04:14:42 bidrdev1 su: + tty?? root-oracle
May 27 04:34:39 bidrdev1 su: + tty?? root-oracle
May 27 04:34:41 bidrdev1 above message repeats 238 times
May 27 04:34:44 bidrdev1 su: + tty?? root-oracle
May 27 04:54:37 bidrdev1 su: + tty?? root-oracle
May 27 04:54:41 bidrdev1 above message repeats 237 times
May 27 04:54:43 bidrdev1 su: + tty?? root-oracle
May 27 05:14:40 bidrdev1 su: + tty?? root-oracle
May 27 05:14:41 bidrdev1 above message repeats 238 times
May 27 05:14:45 bidrdev1 su: + tty?? root-oracle
May 27 05:34:38 bidrdev1 su: + tty?? root-oracle
May 27 05:34:42 bidrdev1 above message repeats 237 times
May 27 05:34:43 bidrdev1 su: + tty?? root-oracle



This is the HP-UX 11.23 Server.

I know for sure that the oracle user didn't su that many number of times, but why is that am i getting such messages regularly. How to overcome this?

Kindly provide a good solution for this!!

Thanks in Advance!

Sridhar
0 Kudos
Reply
10 REPLIES 10
Dennis Handly
Acclaimed Contributor

‎05-26-2008 08:41 PM

‎05-26-2008 08:41 PM

Re: su problem

>The syslog.log file is generating this message on a continuous basis.

This is as expected. You have cron job that keeps doing su from root to oracle.
0 Kudos
Reply
SUDHAKAR_18
Trusted Contributor

‎05-26-2008 09:22 PM

‎05-26-2008 09:22 PM

Re: su problem

Hi,

Can u check any job is scheduled in cron?

do #crontab -l

or any script may run in background.
do #ps -ef |grep oracle and check for processes.

Regards,
SHR
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎05-26-2008 10:35 PM

‎05-26-2008 10:35 PM

Re: su problem

Shalom,

The oracle startup script does an su to oracle from root user.

It's also common to do this with root cron scripts that need to run as oracle,as any database scripts should.

There is nothing wrong with what I see in this log. Check your cron schedule for root.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Sridhar R
Regular Advisor

‎05-26-2008 11:32 PM

‎05-26-2008 11:32 PM

Re: su problem

Hi,

I dont find any cron scheduling by the root user.

But, i can find the oracle processes running.


# ps -ef | grep -i oracle
ias 25632 1 0 May 26 ? 0:00 oracleinfra (LOCAL=NO)
ias 25473 1 0 May 26 ? 0:00 oracleinfra (LOCAL=NO)
root 26272 22929 0 12:22:18 pts/0 0:00 grep -i oracle
ias 25454 1 0 May 26 ? 0:17 oracleinfra (LOCAL=NO)
ias 25475 1 0 May 26 ? 0:00 oracleinfra (LOCAL=NO)
ias 25479 1 0 May 26 ? 0:01 oracleinfra (LOCAL=NO)
ias 25477 1 0 May 26 ? 0:01 oracleinfra (LOCAL=NO)
ias 25506 1 0 May 26 ? 0:00 oracleinfra (LOCAL=NO)
ias 25508 1 0 May 26 ? 0:00 oracleinfra (LOCAL=NO)
ias 25510 1 0 May 26 ? 0:00 oracleinfra (LOCAL=NO)
ias 25512 1 0 May 26 ? 0:00 oracleinfra (LOCAL=NO)
ias 25514 1 0 May 26 ? 0:00 oracleinfra (LOCAL=NO)


Is this what creating such logs?


Thanks!
0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

‎05-26-2008 11:49 PM

‎05-26-2008 11:49 PM

Re: su problem

>I don't find any cron scheduling by the root user.

Some root process is doing su to oracle.

>i can find the oracle processes running ... Is this what creating such logs?

Well, if these are started by the root process.
Unfortunately since the parent of each is init, you can no longer tell who the parent was.
0 Kudos
Reply
Rasheed Tamton
Honored Contributor

‎05-27-2008 12:19 AM

‎05-27-2008 12:19 AM

Re: su problem

Hi,

See whether the ias or oracle users have cronjob running as below:

crontab -l ias
crontab -l oracle

or
ll /var/spool/cron/crontabs

Compare the timing of cron jobs with the syslog entries and /var/adm/sulog

Regards,
Rasheed Tamton.
0 Kudos
Reply
SUDHAKAR_18
Trusted Contributor

‎05-27-2008 01:18 AM

‎05-27-2008 01:18 AM

Re: su problem

Can you check for any software corruptions(using swlist)?

.
0 Kudos
Reply
Peter Nikitka
Honored Contributor

‎05-27-2008 01:34 AM

‎05-27-2008 01:34 AM

Re: su problem

Hi,

your "oracle" processes are running under the UID of "ias", not oracle.

ps -fuoracle
would list all processes of user oracle.
There may be no processes listed by the ps command even when one may exist, when the execution time is very short.
As an example:
This loop will create entries of such type:

until su oracle non-existing-command
do :
done

Can it be that a supervising script - checking oracle processes - is running but no longer applicable?

mfG Peter
The Universe is a pretty big place, it's bigger than anything anyone has ever dreamed of before. So if it's just us, seems like an awful waste of space, right? Jodie Foster in "Contact"
0 Kudos
Reply
Heironimus
Honored Contributor

‎05-27-2008 08:34 AM

‎05-27-2008 08:34 AM

Re: su problem

All those "LOCAL=NO" processes are just listener processes for connections from other systems. They shouldn't have any connection to your log messages, which are caused by some root-owned process repeatedly suing to oracle.
0 Kudos
Reply
TTr
Honored Contributor

‎05-27-2008 10:11 AM

‎05-27-2008 10:11 AM

Re: su problem

Did anybody notice the times? It is happening on the 14th, 34th and 54th minute of every hour either 238 or 239 times. There is definitely something scheduled on these times. If there is nothing in cron, maybe there is another process scheduler running? You should monitor your server at those 3 different minutes and see what processes are running. Use a simple ps command or glance if you have it. Is it maybe an oracle backup job?
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.