[20170705]Understanding linux su command.txt

[20170705]Understand the linux su command.txt

--//I usually log in as the root user during maintenance, and then su - oracle to other user operations
--//General Add the - parameter. This has become a conditioned reflex...^_^.

# man su
Change the effective user id and group id to that of USER.

- , -l, --login
make the shell a login shell

--//That is, use the shell in login and set the corresponding environment.
--//If the execution does not -, that is, just run a shell with substitute user and group IDs, without replacing the environment variables or related parameters inside.

1. Test 1:
--//Currently logged in as root user:
# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk) ,10(wheel)
# echo $ORACLE_HOME
# export aaa=test
# echo $aaa
test

# su - oracle
$ id
uid =1001(oracle) gid=1001(oinstall) groups=101(fuse),1001(oinstall),1002(dba),1003(racoper),1004(asmdba)

$ echo $aaa

--//No display.

$ echo $ORACLE_HOME
/u01/app/oracle/product/11.2.0.4/dbhome_1

2. If executed without parameters - What?

$ echo $ORACLE_HOME

--//The environment variable ORACLE_HOME is not set, but what about the environment variable aaa set by root?
$ echo $aaa
test

--//You can find that the environment variable aaa can be displayed.

3. It seems that the - parameter should be rarely used.
--//In fact, the management of rac oracle introduces many To do this, create a grid user. Use some special examples to illustrate the problem:
--//Log in as grid user:
[grid@dm01dbadm02 ~ ]$ ocrcheck
Status of Oracle Cluster Registry is as follows:
Version : 3
Total space (kbytes) : 262120
Used space (kbytes) : 3852
Available space (kbytes) : 258268
ID : 2101855892
Device/File Name : + DBFS_DG
                                                                                            ’ ’s ’ s ’ use use through to to to to D ‐ ‐ ‐ ‐ ‐ ‐ to Device/File not configured
Device/File not configured
Device/File not configured
Cluster registry integrity check succeeded
         Logical corruption check bypassed due to non-privileged user

--//OK. If you add parameters:
$ ocrcheck -local
PROTL-602: Failed to retrieve data from the local registry
PROCL-26: Error while accessing the physical storage Operating System error [Permission denied] [13]

--//Trace and see:
$ strace -f -o /tmp /b1.txt ocrcheck -local
PROTL-602: Failed to retrieve data from the local registry
PROCL-26: Error while accessing the physical storage Operating System error [Permission denied] [13]

$ grep 'Permission denied' /tmp/b1.txt
14849 open("/u01/app/11.2.0.4/grid/cdata/dm01dbadm02.olr", O_RDONLY|O_SYNC) = -1 EACCES (Permission denied)

--//To open the file /u01/app/11.2.0.4/grid/cdata/dm01dbadm02.olr.

$ ls -l /u01/app/11.2.0.4/grid /cdata/dm01dbadm02.olr
-rw------- 1 root oinstall 272756736 2017-07-05 09:45:15 /u01/app/11.2.0.4/grid/cdata/dm01dbadm02.olr
--//Pay attention to the user, the group is root, oinstall, and the grid user does not have permission to open this file at all.

--//To solve this problem, some DBAs use many environments where the root user is added to the grid. Variables. Execute as the root user, but I think this is not very good!!
--//In fact, a very simple method is to switch to the root user for execution. Note that you cannot add the - parameter at this time, because this will affect the grid's environment parameters. It is lost. In fact, it is executed as the
--//root user, and the environment used is still the grid user.

$ su root
Password:

# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10( wheel)
# echo $PATH
/usr/local/bin:/bin:/usr/bin:/u01/app/11.2.0.4/grid/bin:.:/u01/app/11.2.0.4 /grid/bin

# echo $ORACLE_HOME
/u01/app/11.2.0.4/grid

--//You can find that the environment parameters of grid are still there. Use this with The root user executes as follows:
# ocrcheck -local
Status of Oracle Local Registry is as follows:
Version 3
Total space (kbytes) : 262120
Used space s) : 2800
Available space (kbytes) : 259320
ID : 1632195400
Device/File Name : /u01/app/11.2.0.4/grid/cdata/ dm01dbadm02.olr
                                                                                     Device/File integrity check succeeded
Local registry integrity check succeeded
Logical corruption check succeeded

--//Of course, you can also use the sudo command in another way. sudo ocrcheck -local
--//Be careful to modify/ etc/sudoers, join:
grid ALL=(ALL) ALL

$ sudo ocrcheck -local
[sudo] password for grid:
Status of Oracle Local Registry is as follows:
Version : 3
Total space (kbytes) : 262120
Used space (kbytes) : 2800
Available space (kbytes) : 259320
ID : 1632195400
Device/File Name : / u01/app/11.2.0.4/grid/cdata/dm01dbadm02.olr
                                                                                      Device/File integrity check succeeded

The above is the detailed content of [20170705]Understanding linux su command.txt. For more information, please follow other related articles on the PHP Chinese website!