Oracle GoldenGate安全性配置系列:利用CMDSEC文件控制GoldenGate命令的用户访问权限(二)
export DISPLAY=192.168.8.100:0.0
~
GoldenGate 安装在 /home/oracle/ggs 下
[root@prod home]# ls -lt
total 12
drwx------ 8 oracle oinstall 4096 Mar 3 14:21 oracle
drwx------ 3 ogg oinstall 4096 Mar 3 14:20 ogg
drwx------ 3 grid oinstall 4096 Mar 1 20:00 grid
[root@prod ~]# cd /home
[root@prod home]# ls -lt
total 12
drwx------ 3 ogg oinstall 4096 Mar 3 15:19 ogg
drwx------ 8 oracle oinstall 4096 Mar 3 15:10 oracle
drwx------ 3 grid oinstall 4096 Mar 1 20:00 grid
[root@prod home]# su - ogg
[ogg@prod ~]$ cd /home/oracle/ggs
-bash: cd: /home/oracle/ggs: Permissiondenied
原因:ogg 用户无权访问 oracle 属主目录 /home/oracle
修改/home/oracle的属组权限,以便 ogg 用户能够访问该目录及其子目录
[root@prod home]# chmod g+rx oracle
[root@prod home]# ls -lt
total 12
drwx------ 3 ogg oinstall 4096 Mar 3 15:19 ogg
drwxr-x--- 8 oracle oinstall 4096 Mar 3 15:10 oracle
drwx------ 3 grid oinstall 4096 Mar 1 20:00 grid
修改后便能访问:
[root@prod home]# su - ogg
[ogg@prod ~]$ cd /home/oracle/ggs
[ogg@prod ~]$ ln -s /home/oracle/ggs ggs
执行 ggsci 命令进行测试:
[ogg@prod ~]$ cd /home/oracle/ggs
[ogg@prod ggs]$ ggsci
Oracle GoldenGate Command Interpreter forOracle
Version 11.2.1.0.1 OGGCORE_11.2.1.0.1_PLATFORMS_120423.0230_FBO
Linux, x86, 32bit (optimized), Oracle 11gon Apr 23 2012 08:09:25
Copyright (C) 1995, 2012, Oracle and/or itsaffiliates. All rights reserved.
GGSCI (prod.oracle.com) 1> info all
Program Status Group Lag at Chkpt Time Since Chkpt
MANAGER RUNNING
EXTRACT RUNNING ESCOTT 00:00:00 00:00:06
EXTRACT RUNNING PSCOTT 00:00:00 00:00:00
GGSCI (prod.oracle.com) 2> stop *
Sending STOP request to EXTRACT ESCOTT ...
Request processed.
Sending STOP request to EXTRACT PSCOTT ...
Request processed.
GGSCI (prod.oracle.com) 6> info all
Program Status Group Lag at Chkpt Time Since Chkpt
MANAGER RUNNING
EXTRACT STOPPED ESCOTT 00:00:00 00:00:45
EXTRACT STOPPED PSCOTT 00:00:00 00:00:45
GGSCI (prod.oracle.com) 7> start *
Sending START request to MANAGER ...
EXTRACT ESCOTT starting
Sending START request to MANAGER ...
EXTRACT PSCOTT starting
GGSCI (prod.oracle.com) 8> info all
Program Status Group Lag at Chkpt Time Since Chkpt
MANAGER RUNNING
EXTRACT RUNNING ESCOTT 00:01:12 00:00:00
EXTRACT RUNNING PSCOTT 00:00:00 00:01:03
GGSCI (prod.oracle.com) 11> stop mgr
Manager process is required by other GGSprocesses.
Are you sure you want to stop it (y/n) y
Sending STOP request to MANAGER ...
Request processed.
Manager stopped.
GGSCI (prod.oracle.com) 12> info all
Program Status Group Lag at Chkpt Time Since Chkpt
MANAGER STOPPED
EXTRACT STOPPED ESCOTT 00:00:00 00:00:08
EXTRACT STOPPED PSCOTT 00:00:00 00:00:07
编辑参数文件:
GGSCI (prod.oracle.com) 9> edit paramsmgr
无法编辑,只有只读权限
原因 ogg 用户对 dirprm 文件夹及其下面的文件只有只读权限
[ogg@prod ggs]$ ls -lt dirprm
total 20
-rwxr-xr-x 1 oracle oinstall 198 Mar 3 15:06 einit.prm
-rwxr-xr-x