Re: Install & configure Grid Infrastructure /ASM

From: Jeremy Schneider <jeremy.schneider_at_ardentperf.com>
Date: Tue, 24 Nov 2015 08:46:11 -0500
Message-ID: <CA+fnDAbrEMwejf3ETMbJ-SVzR0jjgHpOKDpMd6ye97xjbkVHRg_at_mail.gmail.com>



Grid Infrastructure has this (poorly-documented) concept called "locking" the home, which - perhaps among other things - means changing the ownership to root and permissions to 755.

My guess on one reason is security; unlike the DB home, GI has binaries that are executed by root. I think that if any directories can be changed by a non-root user, then that non-root user could rename the directories and substitute their own trojan binary, which would be launched as the root user, giving them complete access on the system. Thus it would be very insecure if any directories in the path up to the root-executed binaries are not "locked" and non-root users can modify them.

The "reason" above is my own guess, but you can find some actual documentation about basics of locking and unlocking grid homes here:

https://docs.oracle.com/cd/E11882_01/rac.112/e17264/softpatch2.htm#TDPRC605

As Andrew said though, the directories are definitely not required to be created by root. In fact you *need* to change the ownership back to grid/oracle before installing, patching, etc. Now -- if you're creating "/u01" then you'll probably need to be root initially since [hopefully] non-root users don't have write access in the / directory!! But the root user can change the ownership of this directory to grid/oracle, then you can proceed as the non-root user from there.

Follow the Oracle docs closely and you should be fine. You should not have to mess around directly with ownership as long as everything was set up correctly to start.

-Jeremy

--
http://about.me/jeremy_schneider


On Mon, Nov 23, 2015 at 11:33 AM, Sandra Becker <sbecker6925_at_gmail.com> wrote:

> Oracle EE, versions 11.2.0.4 and 12.1.0.2
>
> I am testing and documenting the installation of 11.2.0.4 Grid
> Infrastructure / ASM and then upgrading it to 12.1.0.2. Another DBA on the
> team gave me instructions he used last year to upgrade from 11.2.0.2 to
> 11.2.0.4 as a starting point. I've had to make several changes for the 12c
> upgrade, which I expected.
>
> Question 1: His document says the grid home directory must be created by
> the root user and the group changed to dba (they don't use oinstall here)
> and the permissions should be 775. Is this correct? I'm new to Grid/ASM so
> I'm not sure.
>
> Question 2: Assuming the directory should be owned by root, why would that
> be the case rather than owned by the oracle user?
>
> I appreciate any direction you can provide me.
>
> --
> Sandy B.
>
-- http://www.freelists.org/webpage/oracle-l
Received on Tue Nov 24 2015 - 14:46:11 CET
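
An audit for the condition the reply describes, as an added example (not part of the original thread and not Oracle tooling): a POSIX shell function that walks every directory from a root-executed binary up to `/` and reports any that is not root-owned or is writable by group or other. The name `unlocked_dirs`, its arguments and the `GRID_HOME` variable in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. unlocked_dirs FILE [TRUSTED_UID] [STOP_DIR]
# Prints each directory from FILE's directory up to STOP_DIR (inclusive)
# that is not owned by TRUSTED_UID (default 0, root) or that is writable
# by group or other. Returns 0 if the whole chain is locked, 1 if any
# directory is reported, 2 if a path cannot be resolved.
unlocked_dirs() {
    file=$1
    uid=${2:-0}
    stop=${3:-/}
    # Resolve symlinks so the real directories are the ones checked.
    dir=$(cd -P -- "$(dirname -- "$file")" && pwd -P) || return 2
    stop=$(cd -P -- "$stop" && pwd -P) || return 2
    rc=0
    while :; do
        # -prune keeps find on the directory itself (no descent).
        # -perm -020 / -002: group-write / other-write bit is set.
        bad=$(find "$dir" -prune \
            \( ! -user "$uid" -o -perm -020 -o -perm -002 \) -print)
        if [ -n "$bad" ]; then
            echo "$bad"
            rc=1
        fi
        if [ "$dir" = "$stop" ] || [ "$dir" = "/" ]; then
            break
        fi
        dir=$(dirname -- "$dir")   # move one level up the chain
    done
    return $rc
}

# Usage (GRID_HOME is an assumed variable pointing at the grid home):
#   sh this_script.sh "$GRID_HOME/bin/<root-run binary>"
if [ -n "${1:-}" ]; then
    unlocked_dirs "$@"
fi
```

A directory with mode 775, as in the quoted question, is reported because of its group-write bit, even when root owns it.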
