PDA

View Full Version : ASM and GRID_USER permissions issues


Mike Donovan
07-20-2011, 11:30 AM
Explanation:
The user that runs Dbvisit Standby needs to have execute permissions on the executables under the "grid" user's ORACLE_HOME, such as ASMCMD and also SqlPlus (for use by the create standby database process (CSD) to log to the ASM instance).

We are aware of this issue presented by the Oracle owner/grid user role separation, and of the fact that the "normal" Oracle user does not have right privileges by default. However we do advise changing permissions as we have outlined, even though this is not an Oracle default recommendation. The following blog post indicates also that Oracle may already be planning to change this in the near future:

http://oraganism.wordpress.com/2010/07/16/asmcmd-privileges-in-grid-infrastructure/
"Update October 5th 2010 - Oracle support have finally responded to say that this is expected behaviour however they have opened an enhancement request to allow users other than the software owner to use ASMCMD."

Workarounds:
We have the following suggestions to make to overcome the issues when installing Dbvisit Standby, due to the ASM/GRID_USER permission settings:

1. add the owner of the Dbvisit Standby software (which is oracle) to the group oinstall, and then try running the Dbvisit Standby application again.
If this achieves the result then this would be the best solution.

2. give execute on grid OH/bin/asmcmd and grid OH/bin/sqlplus only to the owner of the Dbvisit Standby software (which is oracle)

3. make sure when the owner of the Dbvisit Standby software (which is oracle) runs ". oraenv" to set oracle env to +ASM, and that the environment points to the grid Oracle env
- check values for PATH, LD_LIBRARY_PATH, ORACLE_SID and ORACLE_HOME

4. call asmcmd and sqlplus (as oracle) from command line and check if you can connect. Failure to do so should highlight further issues for attention.

Alternatively we have heard of instances of people running Dbvisit Standby as the "grid" user on both servers with the "grid" user obviously applying the logs - and this process seems to work. However recovery would probably require ownership changes on files, so for this reason trying to resolve it according to the steps outlined above seems the best first approach.

related forum post:
http://www.dbvisit.com/forums/showthread.php?t=1339

Mike Donovan
10-28-2011, 03:10 PM
Update:

As of version 6.0.10 (released 2 September 2011) this is no longer an issue for Dbvisit Standby, as we have removed dependance on asmcmd to allow for separate Grid install.