The Oracle Inventory Group (typically, oinstall): You must create this group the first time you install Oracle software on the system. The default name chosen for this group is oinstall. This group owns the Oracle inventory, which is a catalog of all Oracle software installed on the system.
In installations of Oracle RAC with Sun Cluster, the DBA group is normally named dba. This group normally contains the root user and the oracle user. Note – This configuration of users and groups differs from the configuration that is described in the Oracle documentation for a standalone installation of Oracle RAC.
Oracle software installations require an installation owner, an Oracle Inventory group, which is the primary group of all Oracle installation owners, and at least one group designated as a system privileges group. Review group and user options with your system administrator.
I am trying to run a very simple Python script from Oracle. Oracle is on the same Linux box as the script. It opens a file and creates a checksum. It is triggered by a 'recon' user within Oracle.
Running the script from within Oracle works fine as long as the file owner is 'oracle', or the group is 'oinstall' (oracle's default group), or the public is set to rx.
The problem is that we must use a different user:group, and we cannot use public permissions. We added the oracle user to the file's group.
uid=54321(oracle) gid=54321(oinstall) groups=54321(oinstall),202175(efs_data)
When running from within Oracle as we did before, it now fails. However, when sudo'ing into the oracle user and running the script directly, it works, so we know the Linux permissions are OK.
What could cause this? I guess Oracle is doing some other sort of access check overlaying the linux permissions, and this ignores the secondary groups and looks at gid only.
as 'recon' schema:
set serveroutput on size unlimited
declare
    x number;
begin
    x := run_cmd('/home/oracle/bin_dir/pytest.py');
    dbms_output.put_line('return:' || x);
end;
run_cmd:
create or replace function RUN_CMD(p_cmd in varchar2) return number as
    language java
    name 'Util.RunThis(java.lang.String) return integer';
Util.RunThis:
import java.io.*;
import java.lang.*;

public class Util extends Object
{
    public static int RunThis(java.lang.String args)
    {
        Runtime rt = Runtime.getRuntime();
        int rc = -1;
        try
        {
            // The child process inherits the credentials of the process hosting this JVM
            Process p = rt.exec(args);
            int bufSize = 4096;
            BufferedInputStream bis =
                new BufferedInputStream(p.getInputStream(), bufSize);
            int len;
            byte buffer[] = new byte[bufSize];
            // Echo back what the program spit out
            // (only stdout is read; anything the child writes to stderr is not echoed)
            while ((len = bis.read(buffer, 0, bufSize)) != -1)
                System.out.write(buffer, 0, len);
            // Exit status of the child becomes the function's return value
            rc = p.waitFor();
        }
        catch (Exception e)
        {
            e.printStackTrace();
            rc = -1;
        }
        finally
        {
            return rc;
        }
    }
}
/home/oracle/bin_dir/pytest.py:
#! /usr/bin/python -W ignore::DeprecationWarning
# Python 2 script (print statement, md5 module)
import paramiko
import logging
import datetime
import pwd
import md5
import os

def test_file_open(local_file):
    # Read the whole file and return its MD5 checksum as a hex string
    print 'Trying to open: '+ local_file
    logging.info('Trying to open: ' + local_file)
    local_file_data = open(local_file, "rb").read()
    checksum = md5.new(local_file_data).hexdigest()
    return checksum

def main():
    logging.basicConfig(filename='/mounts/users/dmz/pytest.log', level=logging.INFO)
    logging.info('==========================================')
    logging.info('START: ' + str(datetime.datetime.now()))
    # Record the real and effective user the script runs as
    logging.info('getuid: ' + pwd.getpwuid( os.getuid() ).pw_name)
    logging.info('geteuid: ' + pwd.getpwuid( os.geteuid() ).pw_name)
    checksum = test_file_open('/test.txt')
    print 'Success!, checksum: ' + checksum
    logging.info('Success! checksum: ' + checksum)
    logging.info('END: ' + str(datetime.datetime.now()))

if __name__ == '__main__':
    main()
Output (with oracle as file owner):
-rwxrwx---. 1 oracle efs_data 0 Jun 7 19:56 /test.txt
INFO:root:==========================================
INFO:root:START: 2018-06-07 19:45:32.005429
INFO:root:getuid: oracle
INFO:root:geteuid: oracle
INFO:root:Trying to open: /test.txt
INFO:root:Success! checksum: 9f1e1404fd72b59121d45a8beb4dab5d
INFO:root:END: 2018-06-07 19:45:32.007078
Output (with permissions only via group association):
-rwxrwx---. 1 root efs_data 0 Jun 7 19:57 /test.txt
INFO:root:==========================================
INFO:root:START: 2018-06-07 19:44:15.748559
INFO:root:getuid: oracle
INFO:root:geteuid: oracle
INFO:root:Trying to open: /test.txt
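A diagnostic sketch for the symptom above, added here and not part of the original post: the script logs getuid and geteuid but not the groups its process holds, and a process keeps the supplementary groups it inherited when it was started, so a later change to group membership is not visible to it. The code compares the groups the process carries with those the account database lists and applies the owner/group/other mode-bit rule to a file. It assumes Python 3 (the post's script is Python 2) and plain mode bits only (no ACLs or SELinux policy); the names FakeStat, can_read, stale_groups and report are hypothetical.

```python
import os
import pwd
import stat
import sys
from collections import namedtuple

# Constructed values mirroring the `id` and `ls -l` output quoted in the post.
ORACLE_UID, OINSTALL_GID, EFS_DATA_GID = 54321, 54321, 202175
FakeStat = namedtuple("FakeStat", "st_mode st_uid st_gid")


def can_read(st, euid, egid, groups):
    """Mode-bit read check: exactly one class (owner, group or other) applies."""
    if euid == 0:  # root bypasses mode bits for reads
        return True
    if st.st_uid == euid:
        return bool(st.st_mode & stat.S_IRUSR)
    if st.st_gid == egid or st.st_gid in groups:
        return bool(st.st_mode & stat.S_IRGRP)
    return bool(st.st_mode & stat.S_IROTH)


def stale_groups(process_groups, database_groups):
    """Groups the account database lists that the process does not hold."""
    return sorted(set(database_groups) - set(process_groups))


def report(path):
    """Credentials this process really carries, next to one file's metadata."""
    euid, egid, groups = os.geteuid(), os.getegid(), os.getgroups()
    try:
        user = pwd.getpwuid(euid)
        database = os.getgrouplist(user.pw_name, user.pw_gid)
    except KeyError:  # uid has no passwd entry; nothing to compare against
        database = []
    st = os.stat(path)
    return {
        "euid": euid, "egid": egid, "process_groups": sorted(groups),
        "not_in_process": stale_groups(groups + [egid], database),
        "file_uid": st.st_uid, "file_gid": st.st_gid,
        "mode": oct(stat.S_IMODE(st.st_mode)),
        "readable_by_mode_bits": can_read(st, euid, egid, groups),
    }


if __name__ == "__main__":
    # Pass the file to inspect, e.g. the /test.txt path used in the post.
    print(report(sys.argv[1] if len(sys.argv) > 1 else os.devnull))
```

Logging the result of report() once from the sudo shell and once when launched through run_cmd shows whether the two processes hold the same groups.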