使用crs_setperm修改RAC资源的所有者及权限

时间:2022-06-15 04:20:26

Oracle RAC 集群中,对于各种资源的管理,也存在所有者与权限的问题。crs_getperm与crs_setperm则是这样的一对命令,主要用于查看与修改集群中resource的owner,group以及权限等,下面通过具体的演示来获得其使用方法。

  1. 1、查看当前集群中的资源
  2. #下面的查询可知,当前集群环境中存在两个service
  3. oracle@bo2dbp:~> crs_stat -ls | grep srv
  4. ora....O4A.srv oracle         oinstall                 rwxrwxr--
  5. ora....0g1.srv oracle         oinstall                 rwxrwxr--
  6. #获得service的全称
  7. oracle@bo2dbp:~> crs_stat -p | grep srv
  8. NAME=ora.GOBO4.GOBO4_SRV.GOBO4A.srv
  9. NAME=ora.ora10g.hr_ora10g.ora10g1.srv
  10. DESCRIPTION=ora.ora10g.hr_ora10g.ora10g1.srv
  11. #下面通过crs_getperm获得资源的所有者即权限
  12. oracle@bo2dbp:~> crs_getperm ora.ora10g.hr_ora10g.ora10g1.srv
  13. Name: ora.ora10g.hr_ora10g.ora10g1.srv
  14. owner:oracle:rwx,pgrp:oinstall:rwx,other::r--,
  15. #上面owner即为所有者,pgrp表示所有者,other则为其他用户,每个后面跟的都是其对应的权限
  16. 2、crs_getperm与crs_setperm的用法
  17. oracle@bo2dbp:~> crs_getperm -h
  18. Usage: crs_getperm resource_name [-u user|-g group] [-q]
  19. #crs_getperm用法较为简单,后面接资源名,可选的为用户或组
  20. oracle@bo2dbp:~> crs_setperm -h  #此命令稍微较crs_getperm复杂
  21. Usage: crs_setperm resource_name -u aclstring [-q]
  22. crs_setperm resource_name -x aclstring [-q]
  23. crs_setperm resource_name -o user_name [-q]
  24. crs_setperm resource_name -g group_name [-q]
  25. -u  Update the acl string
  26. -x  Delete the acl string
  27. -o  Change the owner of the resource
  28. -g  Change the primary group of the resource
  29. aclstring is one of the following:
  30. user:<username>:rwx
  31. group:<groupname>:r-x   #当心这里的group用法,如果直接使用group修改权限会收到错误提示
  32. other::r--
  33. 3、演示使用crs_setperm
  34. oracle@bo2dbp:~> su
  35. Password:
  36. #下面分别修改资源hr_ora10g的资源所有者和所属组,将其全部改为roo权限
  37. bo2dbp:/users/oracle # crs_setperm ora.ora10g.hr_ora10g.ora10g1.srv -o root
  38. bo2dbp:/users/oracle # crs_setperm ora.ora10g.hr_ora10g.ora10g1.srv -g root
  39. #查看修改之后,该资源的属主与属组已经发生变化
  40. bo2dbp:/users/oracle # crs_getperm ora.ora10g.hr_ora10g.ora10g1.srv
  41. Name: ora.ora10g.hr_ora10g.ora10g1.srv
  42. owner:root:rwx,pgrp:root:rwx,other::r--,
  43. #修改属组的权限,将其改为读,执行
  44. bo2dbp:/users/oracle # crs_setperm ora.ora10g.hr_ora10g.ora10g1.srv -u pgrp:root:r-x
  45. bo2dbp:/users/oracle # crs_getperm ora.ora10g.hr_ora10g.ora10g1.srv
  46. Name: ora.ora10g.hr_ora10g.ora10g1.srv
  47. owner:root:rwx,pgrp:root:r-x,other::r--,
  48. #使用同样的方式将其修改回去。
  49. bo2dbp:/users/oracle # crs_setperm ora.ora10g.hr_ora10g.ora10g1.srv -o oracle
  50. bo2dbp:/users/oracle # crs_setperm ora.ora10g.hr_ora10g.ora10g1.srv -g oinstall
  51. bo2dbp:/users/oracle # crs_setperm ora.ora10g.hr_ora10g.ora10g1.srv -u pgrp:oinstall:rwx
  52. bo2dbp:/users/oracle # crs_getperm ora.ora10g.hr_ora10g.ora10g1.srv
  53. Name: ora.ora10g.hr_ora10g.ora10g1.srv
  54. owner:oracle:rwx,pgrp:oinstall:rwx,other::r--,
  55. bo2dbp:/users/oracle # su - oracle
  56. #所有者的权限不允许修改
  57. oracle@bo2dbp:~> crs_setperm ora.ora10g.hr_ora10g.ora10g1.srv -u owner:oracle:r-x
  58. CRS-0248:  Acl operation failed
  59. oracle@bo2dbp:~> crs_setperm ora.ora10g.hr_ora10g.ora10g1.srv -u owner:oracle:rw-
  60. CRS-0248:  Acl operation failed
  61. oracle@bo2dbp:~> crs_setperm ora.ora10g.hr_ora10g.ora10g1.srv -u owner:oracle:-wx
  62. CRS-0248:  Acl operation failed
  63. #组权限可以修改
  64. oracle@bo2dbp:~> crs_setperm ora.ora10g.hr_ora10g.ora10g1.srv -u pgrp:oinstall:r-x
  65. oracle@bo2dbp:~> crs_getperm ora.ora10g.hr_ora10g.ora10g1.srv
  66. Name: ora.ora10g.hr_ora10g.ora10g1.srv
  67. owner:oracle:rwx,pgrp:oinstall:r-x,other::r--,
  68. #other也可以修改
  69. oracle@bo2dbp:~> crs_setperm ora.ora10g.hr_ora10g.ora10g1.srv -u other::rwx
  70. oracle@bo2dbp:~> crs_getperm ora.ora10g.hr_ora10g.ora10g1.srv
  71. Name: ora.ora10g.hr_ora10g.ora10g1.srv
  72. owner:oracle:rwx,pgrp:oinstall:r-x,other::rwx,
  73. #Author: Robinson
  74. #Blog: http://blog.csdn.net/robinson_0612
  75. #根据下面的查看结果可知,已经发生了变化,建议将其改为最初的状态
  76. oracle@bo2dbp:~> crs_stat -ls |grep srv
  77. ora....O4A.srv oracle         oinstall                 rwxrwxr--
  78. ora....0g1.srv oracle         oinstall                 rwxr-xrwx
  79. 转:http://blog.csdn.net/leshami/article/details/8219242