Re: Permission Denied

• From: Carol Dacko <dackoc@xxxxxxxxx>
• To: Pete Sharman <pete.sharman@xxxxxxxxxx>
• Date: Wed, 26 Aug 2015 15:04:34 -0400

Thanks for your work on this. We appreciate it!

Carol

On Wed, Aug 26, 2015 at 3:00 PM, Peter Sharman <pete.sharman@xxxxxxxxxx>
wrote:

Andy and I went a few rounds offline on this and the associated “Cloud
Control patching” thread, and you’ll be pleased to know that Andy won. J



Seriously, just circling back with the resolution here. The problem was
Andy was using a named credential that had the normal user set to the
Oracle software owner (which is of course correct) but also had RUNAS set
to root. The end result of that was that OPatch was installed under the
Oracle software home as root, not as oracle, and as we all know that will
break shit. L



I spoke to some of my patching colleagues in Product Management and they
said it is actually documented somewhere that you should not have RUNAS set
like this. I didn’t bother searching for that particular documentation as
both myself and the relevant product manager agreed the product should not
work that way. It should at least provide an error that you should not
have RUNAS set, and more preferably should install OPatch as the Oracle
software owner as that information is already specified in the named
credential.



This has been logged as bug# 21699304.



Pete

[image: Oracle logo]

Pete Sharman
Database Architect, DBaaS / DBLM
Enterprise Manager Product Suite
33 Benson Crescent CALWELL ACT 2905 AUSTRALIA

Phone: +61262924095 | | Fax: +61262925183 | | Mobile: *+61414443449
<%2B61414443449>*
Email: pete.sharman@xxxxxxxxxx Twitter: @SharmanPete LinkedIn:
au.linkedin.com/in/petesharman
Website: petewhodidnottweet.com
------------------------------

"Controlling developers is like herding cats."

Kevin Loney, Oracle DBA Handbook



"Oh no, it's not, it's much harder than that!"

Bruce Pihlamae, long term Oracle DBA
------------------------------



*From:* Andrew Kerber [mailto:andrew.kerber@xxxxxxxxx]
*Sent:* Wednesday, August 26, 2015 10:47 PM
*To:* Seth Miller <sethmiller.sm@xxxxxxxxx>
*Cc:* Peter Sharman <pete.sharman@xxxxxxxxxx>; Oracle-L Freelists <
oracle-l@xxxxxxxxxxxxx>
*Subject:* Re: Permission Denied



No. I was able to get by the problem, it appears to be related to using
the same credential set for both privileged and normal access from cloud
control.

Sent from my iPad


On Aug 25, 2015, at 7:56 PM, Seth Miller <sethmiller.sm@xxxxxxxxx> wrote:

Is this ebiz by any chance?

Seth Miller

On Aug 25, 2015 3:24 PM, "Peter Sharman" <pete.sharman@xxxxxxxxxx> wrote:

Sorry, been stuck in concall hell this morning.

If it's using root, you must have provided it with that as a credential.
Have you tried providing the oracle account instead?

Send me the steps you've been doing offline and I'll see if I can
reproduce it. I presume this is 12.1.0.5 but please correct me if not. I
only have that version to test with.

Pete

Pete Sharman
Database Architect, DBaaS / DBLM
Enterprise Manager Product Suite
33 Benson Crescent CALWELL ACT 2905 AUSTRALIA
Phone: +61262924095 | | Fax: +61262925183 | | Mobile: +61414443449
Email: pete.sharman@xxxxxxxxxx Twitter: @SharmanPete LinkedIn:
au.linkedin.com/in/petesharman
Website: petewhodidnottweet.com

"Controlling developers is like herding cats."
Kevin Loney, Oracle DBA Handbook

"Oh no, it's not, it's much harder than that!"
Bruce Pihlamae, long term Oracle DBA


-----Original Message-----
From: Andrew Kerber [mailto:andrew.kerber@xxxxxxxxx]
Sent: Wednesday, August 26, 2015 5:32 AM
To: ORACLE-L <Oracle-L@xxxxxxxxxxxxx>
Subject: Re: Permission Denied

Ok. I have been working this further, and it appears that OEM is logged
in as root and attempting a local connection to the database (not using
TNS) to check the status. Is this a bug? Any thoughts?

Sent from my iPad

On Aug 25, 2015, at 12:03 PM, Andrew Kerber <andrew.kerber@xxxxxxxxx>

wrote:

Ok, this is driving me nuts. I am getting the output below from oem

cloud control when I run the analyze piece of the patch plan.

And I cannot figure out what is causing it. I can ssh to the database
server from my cloud control server, I can ping it, tnsping it, and
run sqlplus using sqlnet to connect to the target database. But every

time I analyze the patch plan from cloud control I get the error below.
Normally this would be a firewall or hosts.allow issue, but I dont have any
problems when I run the commands from the OMS server a the OS level. Any
ideas?

Tue Aug 25 11:47:22 2015 - Finding the current state of the database

[/apps/orabase/product/12.1.0.2/dbhome_1 (OH), mytest (SID)] ...

Tue Aug 25 11:47:22 2015 - onWindows =>, isRunning => 1

Tue Aug 25 11:47:22 2015 -
SQL*Plus: Release 12.1.0.2.0 Production on Tue Aug 25 11:47:22 2015
Copyright (c) 1982, 2014, Oracle. All rights reserved.
SQL> SQL> ERROR:
ORA-12546: TNS:permission denied


Sent from my iPad

--
//www.freelists.org/webpage/oracle-l


--
//www.freelists.org/webpage/oracle-l

• References:
  • Permission Denied
    • From: Andrew Kerber
  • Re: Permission Denied
    • From: Andrew Kerber
  • RE: Permission Denied
    • From: Peter Sharman
  • RE: Permission Denied
    • From: Seth Miller
  • Re: Permission Denied
    • From: Andrew Kerber
  • RE: Permission Denied
    • From: Peter Sharman

Other related posts:

• » Permission Denied- Andrew Kerber
• » Re: Permission Denied- Andrew Kerber
• » RE: Permission Denied- Peter Sharman
• » RE: Permission Denied- Seth Miller
• » Re: Permission Denied- Andrew Kerber
• » RE: Permission Denied- Peter Sharman
• » Re: Permission Denied - Carol Dacko
• » Re: Permission Denied- Andrew Kerber
• » RE: Permission Denied- Mark W. Farnham

1. Home
2. oracle-l
3. Archive
4. 08-2015

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---