Avatar of sam15
sam15
 asked on

Oracl_Listener.

Is the oracle listener supposed to be run by root user only?

I have a server where i can not shut down and start listener using oracle user.

It does not make sense because oracle DBA may not have the system admin root account.

Shall i change the ownership of file and what command would you run.
Oracle Database

Avatar of undefined
Last Comment
slightwv (䄆 Netminder)

8/22/2022 - Mon
Sean Stuber

no, listener should definitely not be run by root.

normally it is run by the oracle owner

or better yet a separate account with less access especially if you enable external procedure calls
OP_Zaharin

- set the user you login as to the ora_dba group on Windows or dba group on Unix
sam15

ASKER
I checked the listner.ora file and it is owned by oracle user and belongs to oiinstall group.

The permission are rw-r--r--.

I assume I just nee to add "x" to it so oracle user can execute.

What permissions code should be granted to the file
This is the best money I have ever spent. I cannot not tell you how many times these folks have saved my bacon. I learn so much from the contributors.
rwheeler23
sam15

ASKER
Actually i think i should look at the listner executable file lsnrctl and it is also owned by oracle and executable but when i try to start or stop it tells me no permissions.

any ideas?

-bash-4.2$ ls -alt lsnr*
-rwxr-x--x 1 oracle oinstall 177788 Jan 05 09:22 lsnrctl
-rwxr-xr-x 1 oracle oinstall      0 Aug 05  2009 lsnrctl0

-bash-4.2$ lsnrctl stop

LSNRCTL for Linux: Version 11.2.0.1.0 - Production on 25-MAY-2012 18:13:23

Copyright (c) 1991, 2009, Oracle.  All rights reserved.

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
TNS-01190: The user is not authorized to execute the requested listener command
Sean Stuber

are you logged in as oracle?
sam15

ASKER
yes. I logged in as oracle. I do not use root account.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
Sean Stuber

sorry I let this one drop off my radar.


what does your listener.ora look like?

if you want, before posting, you can remove any static registration entries as they aren't pertinent to the problem
MikeOM_DBA

Verify that the ORACLE_HOME  + PATH are the same as the ORACLE_HOME where the listener was started from:
$ lsnrctl
LSNRCTL> show oracle_home

Open in new window


:p
sam15

ASKER
LSNRCTL for Linux: Version 11.2.0.1.0 - Production on 29-MAY-2012 18:59:50

Copyright (c) 1991, 2009, Oracle.  All rights reserved.

Welcome to LSNRCTL, type "help" for information.

LSNRCTL> show ORACLE_HOME
Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
TNS-01190: The user is not authorized to execute the requested listener command
LSNRCTL>

-bash-4.2$ echo $ORACLE_HOME


See the attached file for listener.ora. I have two listeners running because of some requirements.


/u01/app/oracle/product/11.2.0/dbhome_1
listener.txt
Experts Exchange is like having an extremely knowledgeable team sitting and waiting for your call. Couldn't do my job half as well as I do without it!
James Murphy
slightwv (䄆 Netminder)

Please post the results of the following from lsnrctl:  show current_listener
Rich Olu

I noticed you're on 11.2. Do you have a separate infrastructure owner? If so, you should try starting or stopping the listener as that user because listener would have been installed under that account. Just a thought.
R.
MikeOM_DBA

rolutola is correct, that is why i suggested to verify the ORACLE_HOME from where the listener was started from.
;)
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
sam15

ASKER
LSNRCTL> show current_listener
Current Listener is LISTENER

How do i check if there is a differnt infrastructure owner. I did not install he software.
I see that all directories under oracle home re owned by user "oracle".

The lsnrctl is alos owned by oracle user and i log in using oracle user.
So i am still not sure why it wont let me run some of the listener commands unless i log in as root.
SOLUTION
Rich Olu

Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
Sign up - Free for 7 days
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
MikeOM_DBA

Or you could also use the command:
$ ps -ef|grep tns

Open in new window

:p
sam15

ASKER
Here are the results

-bash-4.2$ locate lsnrctl
/OraDb11g/network.112/e10835/lsnrctl.htm
/u01/app/oracle/product/11.2.0/dbhome_1/bin/lsnrctl
/u01/app/oracle/product/11.2.0/dbhome_1/bin/lsnrctl0

-bash-4.2$ cd $ORACLE_HOME
-bash-4.2$ pwd
/u01/app/oracle/product/11.2.0/dbhome_1
-bash-4.2$ cd bin
-bash-4.2$ ls -alt lsnr*
-rwxr-x--x 1 oracle oinstall 177788 Jan 15 09:22 lsnrctl
-rwxr-xr-x 1 oracle oinstall      0 Aug 01  2009 lsnrctl0




oracle:x:502:506::/home/oracle:/bin/bash
mike:x:503:503:Mike:/home/mike:/bin/bash


-bash-4.2$ ps -ef|grep tns
root        10     2  0  2011 ?        00:00:00 [netns]
oracle    2045  1550  0 15:21 pts/0    00:00:00 grep --color=auto tns
daemon    4789     1  0 May17 ?        00:02:38 /u01/app/oracle/product/11.2.0/dbhome_1/bin/tnslsnr LISTENER -inherit
daemon    9094     1  0 May18 ?        00:00:55 /u01/app/oracle/product/11.2.0/dbhome_1/bin/tnslsnr listener_tips -inherit
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
Rich Olu

What errors do you get when you attempt to start or stop the listener?
Is the listener currently up or down?

R.
sam15

ASKER
I cant start/stop the listener usnig oracle account (only root).

-bash-4.2$ lsnrctl stop

LSNRCTL for Linux: Version 11.2.0.1.0 - Production on 25-MAY-2012 18:13:23

Copyright (c) 1991, 2009, Oracle.  All rights reserved.

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
TNS-01190: The user is not authorized to execute the requested listener command
Rich Olu

What do you mean by
"I cant start/stop the listener usnig oracle account (only root)"?

Are you logged in as root or are you logged in as oracle?

Do you know if the listener is password protected?

R.
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
ASKER CERTIFIED SOLUTION
Log in to continue reading
Log In
Sign up - Free for 7 days
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
sam15

ASKER
<<I suggest you change your startup scripts to start the listener as oracle.>>

How can this be done if the listener will not start/stop if i log in as oracle. The script will do the same stuff as indivdidual commands.

There is no user "daemon" on the machine. This must be a unix thing. I did not install the software but it seems they may have created a listener using a root account.

Cant i change the ownership of tnslsnr from "daemon" to "oracle" or shall i delete the listener using root and create a new listener using oracle account using Net Manager.
MikeOM_DBA

Ooops, missed slightwv's comment...he is absolutely right!
:)
slightwv (䄆 Netminder)

Deamon is not an actual user:
http://en.wikipedia.org/wiki/Daemon_(computing)

You can probably check the parent pid to see what started it.  It is likely a startup script executed as root and not oracle.

>>Cant i change the ownership of tnslsnr from "daemon" to "oracle"

Yes, do what was posted in http:#a38048742:  kill the processes as root and restart the listeners as oracle. No need to reconfigure anything with netca.

You will also need to work the the sys admin to configure the startup scripts to run oracle processes as the oracle user.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
sam15

ASKER
I did kill the two tns processes using "killall -9 processname" command (Linux) using process name.

I normally log in as my user account and then su to root account.

I loogged in as oracle and tried to start the lsitener and i got this error


LSNRCTL> start listener
Starting /u01/app/oracle/product/11.2.0/dbhome_1/bin/tnslsnr: please wait...

TNSLSNR for Linux: Version 11.2.0.1.0 - Production
System parameter file is /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/l                             istener.ora
Log messages written to /u01/app/oracle/diag/tnslsnr/test1/listener/alert/log                             .xml
Error listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
TNS-12555: TNS:permission denied
 TNS-12560: TNS:protocol adapter error
  TNS-00525: Insufficient privilege for operation
   Linux Error: 1: Operation not permitted

Listener failed to start. See the error message(s) above...
slightwv (䄆 Netminder)

Try this from:
https://forums.oracle.com/forums/thread.jspa?threadID=931431&tstart=9

cd /u01/app/oracle/product/11.2.0/dbhome_1/bin
strace ./lsnrctl start