2009-11-10

Connecting to an Oracle DB as root without Password

My first idea was to add the user "root" to the group "dba":
usermod -a -G dba root

This did not work, because root has "daemon" as its primary group, returning -> ORA-01031: insufficient privileges

The solution was temporarily adding the user "root" to the group "dba" for the duration of the OS session. (Metalink Article "SYSDBA and SYSOPER Privileges in Oracle [ID 50507.1]")
newgrp dba

The problem of "newgrp" is, that it spawns a new shell, so that it is difficult to use it in scripts. An alternative is to use the command "sg" in order to perform the same task. It allows to give statements to be executed as parameter.
The following example can be used in a script. It sets the primary group "dba" and executes the Script "myScript.ksh" in a Korn-Shell, passing all parameters of the main script to "myScript.ksh":
sg dba -c "ksh ./myScript.ksh $@"

You can perform the whole work recursively in your "myScript.ksh". Here an example:

#!/bin/ksh
#----------------------------------------------------
# Script-Name   : myScript.ksh
#----------------------------------------------------
if [[ $(whoami) != "root" ]]; then
  echo "Only root is allowed to execute this script"
  exit 1
fi
# root has not dba as primary group yet
if [[ $(id  grep -ci "dba") -lt 1 ]]; then
  echo "============================================"
  MY_DIR="$(pwd)"
  sg dba -c "ksh ${MY_DIR}/myScript.ksh $@"
  id
  echo"============================================="
  exit 0
fi
#----------------------------------------
# Do the work here
#----------------------------------------
#---------------------------------------------------
# End of myScript.ksh
#---------------------------------------------------

PROBLEMS & SOLUTIONS

Problem
On some DB server I got the following Oracle error trying to log locally as non oracle user:
  [root@XXXX]# sqlplus / as sysdba
  . . .
  ORA-12546: TNS:permission denied
Solution
=> The permition of all files under $ORACLE_HOME were OK.
   But the permition of $ORACLE_BASE (i.e. /u00/app/oracle) was not correct.
     ls -Fla $ORACLE_BASE
     -> drwx------ 11 oracle dba  4096 Nov 10 13:38 ./
   Changed the its permition:
   chmod go+rx $ORACLE_BASE
Eingestellt von um No comments :
Labels:
Subscribe to: Posts ( Atom )