RE: [Non-DoD Source] Re: Security Wonks ate my hamster.

From: Robert Freeman <rfreeman_at_businessolver.com>
Date: Wed, 23 Mar 2016 21:57:17 +0000
Message-ID: <BY2PR10MB074484A44D91D56ADDF70BE4D5810_at_BY2PR10MB0744.namprd10.prod.outlook.com>

You are reading that document differently than I am. I don’t think it’s outright saying they do or don’t support su – or sudo but it certainly it makes it clear that the recommendation is NOT to use sudo su – and so on…. Did I miss something? I double scoured the document just in case I missed a statement of support for these methods.

Things to Consider Before Upgrading to 11.2.0.3/11.2.0.4 Grid Infrastructure/ASM (Doc ID 1363369.1) Blah…blah… not relevant to this topic… F. Execute rootupgrade.sh as real root user - not through sudo etc

When switching to the root user to execute rootupgrade.sh, "su -" or "su - root" provides the full root environment, while sudo, pbrun, "su root" or "su" or similar facilities don't. It is recommended to execute rootupgrade.sh with full root environment to avoid issues documented in the following notes:

Document 1315203.1<https://support.oracle.com/epmos/faces/DocumentDisplay?parent=DOCUMENT&sourceId=1363369.1&id=1315203.1> - ACFS Drivers Fail To Install During Root.Sh Execution Of 11.2.0.2 GI Standalone On AIX
Document 1235944.1<https://support.oracle.com/epmos/faces/DocumentDisplay?parent=DOCUMENT&sourceId=1363369.1&id=1235944.1> - 11gR2 root.sh Fails as crsd.bin Does not Come up due to Wrong ulimit
Document 1210883.1<https://support.oracle.com/epmos/faces/DocumentDisplay?parent=DOCUMENT&sourceId=1363369.1&id=1210883.1> - 11gR2 GI HAIP - Section "bug 12674817"
Document 1259874.1<https://support.oracle.com/epmos/faces/DocumentDisplay?parent=DOCUMENT&sourceId=1363369.1&id=1259874.1> - root.sh Fails as the ora.asm resource is not ONLINE or PROTL-16 due to Wrong umask

>>Rich wrote:

I would pull out the Oracle documentation where is indicates that when upgrading Clusterware - using pseudo root kinds of access (as in sudo su - root) are not supported during upgrades and

It should be noted that "su - root" (or just "su -") without sudo is supported (MOS 1363369.1) and works well, as that's what I use from a personal login for audit purposes.

Rich

--
http://www.freelists.org/webpage/oracle-l

Received on Wed Mar 23 2016 - 22:57:17 CET

This message: [ Message body ]
Next message: Jeff Chirco: "Re: Query MySQL from Oracle"
Previous message: Robert Freeman: "Re: Getting feet wet with users in Multi-Tenant Users and 12c"
In reply to: Rich J: "RE: [Non-DoD Source] Re: Security Wonks ate my hamster."
Next in thread: Rich J: "RE: [Non-DoD Source] Re: Security Wonks ate my hamster."

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]

Original text of this message