Skip to main content
ExLibris
  • Subscribe by RSS
  • ExLibris Dev

    Backup Package: Oracle software backup (o5): error message "tar: unable to open exlibris/app/oracle/product/11r2/bin/nmo: Permission denied"

     

    • Product: Aleph
    • Product Version: 20, 21, 22, 23
    • Relevant for Installation Type: Dedicated-Direct, Direct, Local, Total Care

     

    Description

    The following error messages appear in the log file of the backup (/exlibris/backup/logs/ora_software_o5_<date>_<time>.log):

    tar: unable to open exlibris/app/oracle/product/11r2/bin/nmo: Permission denied
    tar: unable to open exlibris/app/oracle/product/11r2/bin/nmhs: Permission denied
    tar: unable to open exlibris/app/oracle/product/11r2/bin/nmb: Permission denied

    Resolution

    The executable program files nmb, nmhs and nmo have the following owners and permissions on the server:

    -rws--x--- 1 root dba 20424 Oct 14 2013 /exlibris/app/oracle/product/11r2/bin/nmb
    -rws--x--- 1 root dba 96608 Oct 14 2013 /exlibris/app/oracle/product/11r2/bin/nmhs
    -rws--x--- 1 root dba 27880 Oct 14 2013 /exlibris/app/oracle/product/11r2/bin/nmo

    As one can see the UNIX group dba does not have permission to read the files.
    The Backup Package executes the script /exlibris/backup/scripts/ora_software with the privileges of UNIX user oracle and group dba.
    Therefore the tar command in the script ora_software does not have permission to read the files nmb, nmhs, nmo and returns the error message "Cannot open: Permission denied".


    This behavior of the script ora_software is a bug. A fix for this bug has been requested.

    Resolution:
    Suggested workaround:

    (1)
    Exclude the files

    /exlibris/app/oracle/product/11r2/bin/nmb
    /exlibris/app/oracle/product/11r2/bin/nmhs
    /exlibris/app/oracle/product/11r2/bin/nmo

    from the backup of the Oracle software (o4) by changing the script /exlibris/backup/scripts/ora_software as follows:

    Replace line 9:
    tar -cvf - $files_no_slash | $GZIPEX | split -b2000m - ${DEVICE}.gz_

    with these five lines:

     

    tar -cvf –

    --exclude=`echo ${ORACLE_HOME}/bin/nmb | sed 's/\///'`
    --exclude=`echo ${ORACLE_HOME}/bin/nmo | sed 's/\///'`
    --exclude=`echo ${ORACLE_HOME}/bin/nmhs | sed 's/\///'`

    $files_no_slash | $GZIPEX | split -b2000m - ${DEVICE}.gz_



    Important notes:
    -----------------------
    -- On a Solaris server the basic version of tar does not have the option --exclude. Therefore make sure that the solution suggested above uses the GNU version of tar.
    For example, the path name of the GNU tar executable file may be /usr/sfw/bin/gtar or /bin/gtar, depending on the version and installation of Solaris.
    -- Make sure that you do not insert any space characters at the end of these five lines.


    (2)
    Make a note that if you need to restore the Oracle software from the backup, you have to execute the script root.sh after extracting the backup file.

     

    Additional Information

    Explanation:
    ------------
    (1)
    The owners and permissions of the files nmb, nmhs and nmo are correct according to My Oracle Support Note 1050290.1 "Oracle User Doesn't Have Permissions to Read Some Binaries on 11gR2 Home". The Note states:

    "Certain programs (setuid programs) that assume the root privilege at run time should only be runnable but not readable or writable for users from the agent user group.
    And it should not be readable, writable or executable for users from a different group."

    These restrictive privileges on the files nmb, nmhs and nmo were introduced in Oracle 11gR2.


    (2)
    The files

    ${ORACLE_HOME}/bin/nmb
    ${ORACLE_HOME}/bin/nmhs
    ${ORACLE_HOME}/bin/nmo

    are created by the script ${ORACLE_HOME}/root.sh during the installation of the Oracle 11gR2 software on a server. This is part of the standard installation procedure.

    For each of the files above there exists a template file with the following names:

    -rwxr-xr-x 1 oracle dba 34612 Oct 10 2013 ${ORACLE_HOME}/bin/nmb.0
    -rwxr-xr-x 1 oracle dba 67874 Oct 10 2013 ${ORACLE_HOME}/bin/nmhs.0
    -rwxr-xr-x 1 oracle dba 45717 Oct 10 2013 ${ORACLE_HOME}/bin/nmo.0

    The script ${ORACLE_HOME}/install/unix/rootadd.sh which is called by the script root.sh copies each of the template files nmb.0, nmhs.0, nmo.0 and saves the copy under the name nmb (respectively nmhs or nmo).
    Then the script rootadd.sh sets the owner of each copied file to user root and group dba, and the permissions to file mode 4710 (-rws--x---).


    Conclusion:
    ===========
    Even if the backup of the Oracle software does not include the files nmb, nmhs and nmo the software can be completely restored from that backup by carrying out the following steps:

    (1)
    Extract the backup file into the directory /exlibris/app/oracle/product/11r2.

    (2)
    Execute the script root.sh by entering the following command as UNIX user root:

    # /exlibris/app/oracle/product/11r2/root.sh

     

     


    • Article last edited: 5-Apr-2016
    //doorbell.io feedback widged