Veritas-bu

[Veritas-bu] RMAN User + Permissions of IMAGES

2009-02-09 14:16:12
Subject: [Veritas-bu] RMAN User + Permissions of IMAGES
From: "Servet Ince" <servet.ince AT gantek DOT com>
To: <veritas-bu AT mailman.eng.auburn DOT edu>
Date: Mon, 9 Feb 2009 21:00:56 +0200

Hello All,

 

I have a question about Oracle User;

 

When I check the image list by using bplist command, I see that ‘oratpp’ user has backed up the FILES which seems like a member of Oratpp Group. The first weird thing is we dont have a group as named ‘Oratpp’. If you check the ‘/etc/group’ and ‘/etc/passwd’ outputs below; you will see that ‘Oratpp’ user is member of ‘dba’, ‘oper’ and ‘sapsys’.

 

As you see below, it doesn’t show the group column as ‘dba’.  I showld be ‘Oratpp + dba’, not ‘Oratpp + Oratpp’.

 

I’ve cheked the ‘umask’ for Oratpp user and it is ‘006’. So the permissions should be ‘660 (-rw-rw----)’ NOT ‘600 (-rw-------) as seems.

 

We have many DB agents, just this one is weird.

 

We suggest that the permissions are ‘660’ as it has to be, to Duplicate the DATA to the another Oracle Client.

 

By the way, the DATABASE has been established under the HOME directory of Oratpp user (/Oracle/TPP).

 

The one more information; when we run the Control Files backups by RMAN,  the permissions seem like 640.. It is better than other and looks enough for us.

 

All of the outputs are below.

 

Does anyone has any idea? Let me know please.

 

Many Thanks.

 

Regards.

 

Servet INCE

 

 

 

 

bash-3.00# ./bplist -t 4 -l -R /

-rw------- oratpp    oratpp      93052416K Feb 04 09:10 /bk_7244_1_677921171

-rw------- oratpp    oratpp       82575360 Feb 04 06:17 /al_7243_1_677917042

-rw------- oratpp    oratpp      928251904 Feb 04 03:24 /al_7242_1_677906244

-rw------- oratpp    oratpp     103961344K Feb 04 07:25 /bk_7241_1_677905277

-rw------- oratpp    oratpp      249036800 Feb 04 00:17 /al_7240_1_677895439

-rw------- oratpp    oratpp      137101312 Feb 03 21:17 /al_7239_1_677884638

-rw------- oratpp    oratpp       1473792K Feb 03 18:19 /al_7238_1_677873839

-rw------- oratpp    oratpp      720896000 Feb 03 15:19 /al_7237_1_677863042

-rw------- oratpp    oratpp      761004032 Feb 03 12:18 /al_7236_1_677852237

-rw------- oratpp    oratpp      247463936 Feb 03 10:05 /al_7235_1_677844275

-rw------- oratpp    oratpp      456130560 Feb 03 09:18 /al_7234_1_677841446

-rw------- oratpp    oratpp      92893184K Feb 03 10:03 /bk_7232_1_677830585

-rw------- oratpp    oratpp       85721088 Feb 03 06:17 /al_7233_1_677830640

-rw------- oratpp    oratpp     103886848K Feb 03 06:16 /bk_7230_1_677818866

-rw------- oratpp    oratpp       1660416K Feb 03 03:20 /al_7231_1_677819839

-rw------- oratpp    oratpp      199229440 Feb 03 00:18 /al_7229_1_677809038

-rw------- oratpp    oratpp      148635648 Feb 02 21:17 /al_7228_1_677798237

-rw------- oratpp    oratpp      657719296 Feb 02 18:18 /al_7227_1_677787439

-rw------- oratpp    oratpp     1052508160 Feb 02 15:19 /al_7226_1_677776652

-rw------- oratpp    oratpp       1587712K Feb 02 12:19 /al_7225_1_677765831

 

 

 

 

TPSAPPRO üzerindeki /etc/group

bash-3.00# cat /etc/group

root::0:

other::1:root

bin::2:root,daemon

sys::3:root,bin,adm

adm::4:root,daemon

uucp::5:root

mail::6:root

tty::7:root,adm

lp::8:root,adm

nuucp::9:root

staff::10:

daemon::12:root

sysadmin::14:

smmsp::25:

gdm::50:

webservd::80:

postgres::90:

nobody::60001:

noaccess::60002:

nogroup::65534:

sapsys::100:oratpp

oper::101:tppadm,oratpp

dba::102:tppadm

sdofflin::103

 

 

 

 

TPSAPPRO /etc/passwd

bash-3.00# cat /etc/passwd

root:x:0:0:Super-User:/:/sbin/sh

daemon:x:1:1::/:

bin:x:2:2::/usr/bin:

sys:x:3:3::/:

adm:x:4:4:Admin:/var/adm:

lp:x:71:8:Line Printer Admin:/usr/spool/lp:

uucp:x:5:5:uucp Admin:/usr/lib/uucp:

nuucp:x:9:9:uucp Admin:/var/spool/uucppublic:/usr/lib/uucp/uucico

smmsp:x:25:25:SendMail Message Submission Program:/:

listen:x:37:4:Network Admin:/usr/net/nls:

gdm:x:50:50:GDM Reserved UID:/:

webservd:x:80:80:WebServer Reserved UID:/:

postgres:x:90:90:PostgreSQL Reserved UID:/:/usr/bin/pfksh

svctag:x:95:12:Service Tag UID:/:

nobody:x:60001:60001:NFS Anonymous Access User:/:

noaccess:x:60002:60002:No Access User:/:

nobody4:x:65534:65534:SunOS 4.x NFS Anonymous Access User:/:

tppadm:x:100:100:SAP System Administrator:/export/home/tppadm:/usr/bin/csh

oratpp:x:101:102:SAP Database Administrator:/oracle/TPP:/usr/bin/csh

tpftp:x:102:100:Tupras FTP Kullanicisi:/usr/sap/trans/EPS:/bin/sh

humanist:x:103:1:FTP User:/usr/sap/trans/humanist:/bin/sh

veritas:x:104:102::/veritas:/usr/bin/ksh

 

 

The one more information; when we run the Control Files backups by RMAN,  the permissions seem like 640.. It is better than other and looks enough for us.

 

bash-3.00$ id

uid=101(oratpp) gid=102(dba)

bash-3.00$ rman catalog rman/rman@rmandb target /

 

Recovery Manager: Release 9.2.0.7.0 - 64bit Production

 

Copyright (c) 1995, 2002, Oracle Corporation.  All rights reserved.

 

connected to target database: TPP (DBID=1318170203)

connected to recovery catalog database

 

RMAN> run

2> {

3> allocate channel c1 type disk;

4> backup current controlfile format '/veritas/TPP_controlfile';

5> release channel c1;

6> }                

 

starting full resync of recovery catalog

full resync complete

allocated channel: c1

channel c1: sid=21 devtype=DISK

 

Starting backup at 09-FEB-09

channel c1: starting full datafile backupset

channel c1: specifying datafile(s) in backupset

including current controlfile in backupset

channel c1: starting piece 1 at 09-FEB-09

channel c1: finished piece 1 at 09-FEB-09

piece handle=/veritas/TPP_controlfile comment=NONE

channel c1: backup set complete, elapsed time: 00:00:01

Finished backup at 09-FEB-09

 

released channel: c1

 

RMAN>

 

 

 

 

bash-3.00# cd veritas/

bash-3.00# ls -l

total 37972

-rw-r-----   1 oratpp   dba      9699328 Feb  9 16:59 TPP_controlfile

-rwxrwxrwx   1 root     root       11019 Jan 30 18:15 arch.sh

-rw-rw-rw-   1 root     root        3317 Feb  9 15:30 arch.sh.out

-rw-r--r--   1 root     root         288 Jan 23 09:56 cont_restore.sh

-rw-r--r--   1 root     root        3087 Jan 23 15:35 duplicate.sh

-rw-r--r--   1 root     root         505 Apr  4  2007 hot.err

-rwxrwxrwx   1 veritas  dba        11120 Jan 30 18:10 hot.sh

-rw-rw-rw-   1 root     root        4878 Feb  9 05:47 hot.sh.out

-r-xr-xr-x   1 root     root       11483 Dec  9  2006 hot_database_backup.sh

-rw-r--r--   1 root     root         290 May 31  2008 restore_arch.rcv

-rw-r-----   1 oratpp   dba      9674752 Jan 23 10:09 tpp_cont.ctl

 

 

 

 

 

_______________________________________________
Veritas-bu maillist  -  Veritas-bu AT mailman.eng.auburn DOT edu
http://mailman.eng.auburn.edu/mailman/listinfo/veritas-bu
<Prev in Thread] Current Thread [Next in Thread>