This appendix describes the minimum user permissions for Oracle: Database and why they are needed.
If your user is “oracle”, the default Oracle OS user, you should already have all the required permissions.
Oracle: Database Minimum Permissions Needed
At a minimum, SL1 needs the following:
- To be able to retrieve lsnrctl status output: This is used to check instance status, to determine if the instance is up or down. The output is also used to model child devices.
- To be able to retrieve tnsnames.ora info: SL1matches any provided credentials with the contents of tnsnames.ora to verify whether the credentials are correct. The file information is also used to monitor PDBs.
To get that information, the Oracle: Database user permissions listed below are needed.
Folder path through lsnrctl, tnsnames.ora
This permission is needed to access lsnrctl and tnsnames.ora. Every folder to reach those files must have "read" and "execute" permissions. For example:
If ORACLE_HOME is /u01/app/oracle/product/21.0.0/dbhome_1
-
give “read” & “execute” to /u01
-
give “read” & “execute” to app
-
give “read” & “execute” to oracle
-
give “read” & “execute” to product
-
give “read” & “execute” to 21.0.0
-
give “read” & “execute” to dbhome_1
If you are not using “oracle” in your SSH credential, and want to give permissions to a user outside the “orainstall” group, the commands should use o= where o= stands for “other” and rx stands for “read & execute”.
chmod o=rx /u01
chmod o=rx /u01/app
chmod o=rx /u01/app/oracle
chmod o=rx /u01/app/oracle/product
chmod o=rx /u01/app/oracle/product/21.0.0
chmod o=rx $ORACLE_HOME
To give permissions to bin and lib folders:
chmod o=rx $ORACLE_HOME/bin
chmod o=rx $ORACLE_HOME/lib
Execute permission to run lsnrctl
This permission is needed to run the lsnrctl command to check instance status.
chmod o=x $ORACLE_HOME/bin/lsnrctl
Read permission to read libclntsh.so.21.1, libclntshcore.so.21.1, libnnz21.so
This permission is needed because lsnrctl depends on them.
chmod o=r $ORACLE_HOME/lib/libclntsh.so.21.1
chmod o=r $ORACLE_HOME/lib/libclntshcore.so.21.1
chmod o=r $ORACLE_HOME/lib/libnnz21.so
Folder path to read tnsnames.ora and mesg folder
This permission is needed because SL1 reads tnsnames.ora to verify if provided credentials match with tnsnames.ora, and because lsnrctl depends on mesg files.
chmod o=rx $ORACLE_HOME/network
chmod o=rx $ORACLE_HOME/network/admin
chmod o=rx $ORACLE_HOME/network/mesg
chmod o=r $ORACLE_HOME/network/admin/tnsnames.ora
chmod -R o=r $ORACLE_HOME/network/mesg/
Read permission for oratab
This permission is needed because SL1 gets ORACLE_HOME from oratb.
chmod o=r /etc/oratab
ORACLE_HOME is needed to properly run lsnrctl and read tnsnames.ora.