on 10-24-2008 7:13 AM
Hi Frinds,
I have freshly installed ECC6.0 on AIX, in the sapmnt/SID/exe folder i went to check saposcol and the permission looks like
-rwsx- 1 root sapsys 1121753 May 22 2007 saposcol
i am wondering why the permissions are '-rwsx-' i dont want 's' here. and s means sticky bit.
and i am also not able to change the permissions.
when i am executing command 'chmod 775 saposcol' with 'root' user,i get the message
"chmod: saposcol: Operation not permitted."
I would like to know how can i change the permissions, since without changing permissions i will not be able to copy it neither will i be able to upgrade my kernel patch.
Regards
Ayush
Hi Friends,
From my experience we do not require stiky bit for saposcol and we can keep the permission simply. it wouldnt harm.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
login as root
change to the kernel directory
run saproot.sh [SID]
this should set proper sticky bits for your binaries.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
saposcol is not the only program having an s-bit - icmbnd has too because it may need to bind() ports < 1024 which is only possible by user root.
saposcol needs that bit to read e. g. the operating system log.
Markus
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
> Oracle DBA tools ("brtools, brconnect and brbackup") also got sticky bit set and this is a system requirement. These are accessed by external tools / programs and requires root privileges for file operations..
Not "root" privileges but other effective users. If you run e. g. a backup from DB13, brbackup must run as ora<SID>, not as <SID>adm, hence they have the sticky bit to ensure that.
Markus
If that would be the case backups would not work. You´re right, adm starts the program but it will run with effective user id of ora:
testsyst:mt7adm> ls -l br*
-rwsrwxr-x 1 oramt7 dba 12475328 Oct 12 21:24 brarchive
-rwsrwxr-x 1 oramt7 dba 12873072 Oct 12 21:24 brbackup
-rwsrwxr-x 1 oramt7 dba 15900416 Oct 12 21:24 brconnect
-rwxrwxr-x 1 oramt7 dba 13280736 Oct 12 21:24 brrecover
-rwxrwxr-x 1 oramt7 dba 3709968 Oct 11 05:32 brrestore
-rwxrwxr-x 1 oramt7 dba 16351440 Oct 12 21:25 brspace
-rwsrwxr-x 1 oramt7 dba 5525240 Oct 12 21:25 brtools
That is done by the script "saproot.sh" in the kernel directory.
Markus
Hi,
check Note 548699 - FAQ: OS collector SAPOSCOL
Question 5
regards,
kaushal
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.