Skip to content

Why is connection not going through directly on same server and goingthrough DBLINK

Published on

setuid and setgid (short for "set user ID upon execution" and "set group ID upon execution", respectively).

They are Unix access rights flags that allow users to run an executable with the permissions of the executable's owner or group respectively.

They are often used to allow users on a computer system to run programs with temporarily elevated privileges in order to perform a specific task. While the assumed user id or group id privileges provided are not always elevated, at a minimum they are specific.

Now this user hear was connecting, to get at the secure connection where ORACLE_HOME/bin has not given the permission of the shared permissions to support TWO_TASK.

The reason why is very simple: you removed the SUID permission on the file oracle. When the user executes a local connection, he essentially tries to run the executable oracle, but because the SUID is not set, it's not tried as user oracle but rather as EXP_BKP. As user EXP_BKP does not have permission to run this file, it will not be executed

i.e.

SETUID AND SETGID for the Oracle

$ id
uid=241(test1) gid=202(users) groups=1(staff),13(dba)
$
$ cd $ORACLE_HOME/bin
$ ls -ltr oracle
-rwxr-xr-x    1 oracle   dba       136803483 Mar 16 20:32 oracle
$
$ chmod 6751 oracle
$ ls -ltr oracle
-rwsr-s--x    1 oracle   dba       136803483 Mar 16 20:32 oracle
$

Now the question is why such permission is to be given as

ipcs -a

IPC status from as of Fri Apr 27 13:21:23 PDT 2012
T ID KEY MODE OWNER GROUP CREATOR CGROUP CBYTES QNUM QBYTES LSPID LRPID STIME RTIME CTIME
Message Queues:
T ID KEY MODE OWNER GROUP CREATOR CGROUP NATTCH SEGSZ CPID LPID ATIME DTIME CTIME
Shared Memory:
m 8 0x759c6b1c --rw-rw---- oracle dba oracle dba 2 1895833600 7173 18689 13:21:21 13:21:21 14:56:53
T ID KEY MODE OWNER GROUP CREATOR CGROUP NSEMS OTIME CTIME
Semaphores:
s 14 0xab90108c --ra-ra---- oracle dba oracle dba 154 11:23:28 14:56:55

So it will not be able to use shared memory which is used by ORACLE to execute.

So either we change the user permission to be equivalent to oracle user or set the oracle binary to perform two task.