Link to home
Start Free TrialLog in
Avatar of sam15
sam15

asked on

Oracl_Listener.

Is the oracle listener supposed to be run by root user only?

I have a server where i can not shut down and start listener using oracle user.

It does not make sense because oracle DBA may not have the system admin root account.

Shall i change the ownership of file and what command would you run.
Avatar of Sean Stuber
Sean Stuber

no, listener should definitely not be run by root.

normally it is run by the oracle owner

or better yet a separate account with less access especially if you enable external procedure calls
- set the user you login as to the ora_dba group on Windows or dba group on Unix
Avatar of sam15

ASKER

I checked the listner.ora file and it is owned by oracle user and belongs to oiinstall group.

The permission are rw-r--r--.

I assume I just nee to add "x" to it so oracle user can execute.

What permissions code should be granted to the file
Avatar of sam15

ASKER

Actually i think i should look at the listner executable file lsnrctl and it is also owned by oracle and executable but when i try to start or stop it tells me no permissions.

any ideas?

-bash-4.2$ ls -alt lsnr*
-rwxr-x--x 1 oracle oinstall 177788 Jan 05 09:22 lsnrctl
-rwxr-xr-x 1 oracle oinstall      0 Aug 05  2009 lsnrctl0

-bash-4.2$ lsnrctl stop

LSNRCTL for Linux: Version 11.2.0.1.0 - Production on 25-MAY-2012 18:13:23

Copyright (c) 1991, 2009, Oracle.  All rights reserved.

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
TNS-01190: The user is not authorized to execute the requested listener command
are you logged in as oracle?
Avatar of sam15

ASKER

yes. I logged in as oracle. I do not use root account.
sorry I let this one drop off my radar.


what does your listener.ora look like?

if you want, before posting, you can remove any static registration entries as they aren't pertinent to the problem
Verify that the ORACLE_HOME  + PATH are the same as the ORACLE_HOME where the listener was started from:
$ lsnrctl
LSNRCTL> show oracle_home

Open in new window


:p
Avatar of sam15

ASKER

LSNRCTL for Linux: Version 11.2.0.1.0 - Production on 29-MAY-2012 18:59:50

Copyright (c) 1991, 2009, Oracle.  All rights reserved.

Welcome to LSNRCTL, type "help" for information.

LSNRCTL> show ORACLE_HOME
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
TNS-01190: The user is not authorized to execute the requested listener command
LSNRCTL>

-bash-4.2$ echo $ORACLE_HOME


See the attached file for listener.ora. I have two listeners running because of some requirements.


/u01/app/oracle/product/11.2.0/dbhome_1
listener.txt
Please post the results of the following from lsnrctl:  show current_listener
I noticed you're on 11.2. Do you have a separate infrastructure owner? If so, you should try starting or stopping the listener as that user because listener would have been installed under that account. Just a thought.
R.
rolutola is correct, that is why i suggested to verify the ORACLE_HOME from where the listener was started from.
;)
Avatar of sam15

ASKER

LSNRCTL> show current_listener
Current Listener is LISTENER

How do i check if there is a differnt infrastructure owner. I did not install he software.
I see that all directories under oracle home re owned by user "oracle".

The lsnrctl is alos owned by oracle user and i log in using oracle user.
So i am still not sure why it wont let me run some of the listener commands unless i log in as root.
SOLUTION
Avatar of Rich Olu
Rich Olu
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Or you could also use the command:
$ ps -ef|grep tns

Open in new window

:p
Avatar of sam15

ASKER

Here are the results

-bash-4.2$ locate lsnrctl
/OraDb11g/network.112/e10835/lsnrctl.htm
/u01/app/oracle/product/11.2.0/dbhome_1/bin/lsnrctl
/u01/app/oracle/product/11.2.0/dbhome_1/bin/lsnrctl0

-bash-4.2$ cd $ORACLE_HOME
-bash-4.2$ pwd
/u01/app/oracle/product/11.2.0/dbhome_1
-bash-4.2$ cd bin
-bash-4.2$ ls -alt lsnr*
-rwxr-x--x 1 oracle oinstall 177788 Jan 15 09:22 lsnrctl
-rwxr-xr-x 1 oracle oinstall      0 Aug 01  2009 lsnrctl0




oracle:x:502:506::/home/oracle:/bin/bash
mike:x:503:503:Mike:/home/mike:/bin/bash


-bash-4.2$ ps -ef|grep tns
root        10     2  0  2011 ?        00:00:00 [netns]
oracle    2045  1550  0 15:21 pts/0    00:00:00 grep --color=auto tns
daemon    4789     1  0 May17 ?        00:02:38 /u01/app/oracle/product/11.2.0/dbhome_1/bin/tnslsnr LISTENER -inherit
daemon    9094     1  0 May18 ?        00:00:55 /u01/app/oracle/product/11.2.0/dbhome_1/bin/tnslsnr listener_tips -inherit
What errors do you get when you attempt to start or stop the listener?
Is the listener currently up or down?

R.
Avatar of sam15

ASKER

I cant start/stop the listener usnig oracle account (only root).

-bash-4.2$ lsnrctl stop

LSNRCTL for Linux: Version 11.2.0.1.0 - Production on 25-MAY-2012 18:13:23

Copyright (c) 1991, 2009, Oracle.  All rights reserved.

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
TNS-01190: The user is not authorized to execute the requested listener command
What do you mean by
"I cant start/stop the listener usnig oracle account (only root)"?

Are you logged in as root or are you logged in as oracle?

Do you know if the listener is password protected?

R.
SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
ASKER CERTIFIED SOLUTION
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of sam15

ASKER

<<I suggest you change your startup scripts to start the listener as oracle.>>

How can this be done if the listener will not start/stop if i log in as oracle. The script will do the same stuff as indivdidual commands.

There is no user "daemon" on the machine. This must be a unix thing. I did not install the software but it seems they may have created a listener using a root account.

Cant i change the ownership of tnslsnr from "daemon" to "oracle" or shall i delete the listener using root and create a new listener using oracle account using Net Manager.
Ooops, missed slightwv's comment...he is absolutely right!
:)
Deamon is not an actual user:
http://en.wikipedia.org/wiki/Daemon_(computing)

You can probably check the parent pid to see what started it.  It is likely a startup script executed as root and not oracle.

>>Cant i change the ownership of tnslsnr from "daemon" to "oracle"

Yes, do what was posted in http:#a38048742:  kill the processes as root and restart the listeners as oracle. No need to reconfigure anything with netca.

You will also need to work the the sys admin to configure the startup scripts to run oracle processes as the oracle user.
Avatar of sam15

ASKER

I did kill the two tns processes using "killall -9 processname" command (Linux) using process name.

I normally log in as my user account and then su to root account.

I loogged in as oracle and tried to start the lsitener and i got this error


LSNRCTL> start listener
Starting /u01/app/oracle/product/11.2.0/dbhome_1/bin/tnslsnr: please wait...

TNSLSNR for Linux: Version 11.2.0.1.0 - Production
System parameter file is /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/l                             istener.ora
Log messages written to /u01/app/oracle/diag/tnslsnr/test1/listener/alert/log                             .xml
Error listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
TNS-12555: TNS:permission denied
 TNS-12560: TNS:protocol adapter error
  TNS-00525: Insufficient privilege for operation
   Linux Error: 1: Operation not permitted

Listener failed to start. See the error message(s) above...
Try this from:
https://forums.oracle.com/forums/thread.jspa?threadID=931431&tstart=9

cd /u01/app/oracle/product/11.2.0/dbhome_1/bin
strace ./lsnrctl start