Executing Oracle RAC cluster management commands such as $ORA_CRS_HOME/bin/crs_start requires root permissions.
Using Solaris RBAC (Role-Based Access Control), one can give a non-root user permissions to execute those commands, but the commands still fail internally. Example:
$pfexec /opt/11.1.0/crs/bin/crs_stop SomeArg
CRS-0259: Owner of the resource does not belong to the group.
Is there a complete RBAC solution for Oracle RAC or does the executor need to be root?
EDIT: Note that my original /etc/security/exec_attr contained:
MyProfile:suser:cmd:::/opt/11.1.0/crs/bin/crs_start:uid=0
MyProfile:suser:cmd:::/opt/11.1.0/crs/bin/crs_start.bin:uid=0
As Martin suggests below, this needed to be changed to add gid=0 as:
MyProfile:suser:cmd:::/opt/11.1.0/crs/bin/crs_start:uid=0;gid=0
MyProfile:suser:cmd:::/opt/11.1.0/crs/bin/crs_start.bin:uid=0;gid=0
From stackoverflow
-
Judging from the error (you need to add the exec_attr line to the question), you probably just set the
uid, while the command seems to require thegidto be set too.David Citron : Yes yes! Great job answering my question even though I didn't quite provide enough info (sorry!) :-P
0 comments:
Post a Comment