permission to file

permission to file

Roshan
Source Solaris
Target Linux server

Hi Erman,

Golden Gate is generating trail files on source server. GoldenGate is running under user ora12c. Below is a snapshot of permissions of files for user ora12c

Capture1.PNG

I have mounted the filesystem containing the trail files on a target Linux server where Striim is running. User is oracle.

Capture2.PNG

How can I make the files readable by user oracle on the target Linux server?

Is it ACL? I was thinking of ACL from source.

https://unix.stackexchange.com/questions/401207/linux-how-to-give-only-specific-user-to-read-the-file

Please advise how do I proceed?

setfacl -m u:oracle:r /ogg/ora12c/cd*
?

Regards,

Roshan


Re: permission to file

ErmanArslansOracleBlog
Administrator
Please verify me;

So you exported an NFS share from Solaris and mounted it from Linux, right?
So currently, in Linux you have a local directory mounted to this nfs share...

Can all the users (in Linux) access this directory? Can they read files?
And your question is, you want only the oracle user in Linux to access these files?

Re: permission to file

Roshan
So you exported an NFS share from Solaris and mounted it from Linux, right?
YES

So currently, in Linux you have a local directory mounted to this nfs share...
YES

Can all the users (in Linux) access this directory?
YES

Can they read files?
NO.
The permission I see is nobody nobody for files on the nfs share on Linux server.
[oracle@RH-DATWHSE-DEV dirdat]$ more cd000005807
cd000005807: Permission denied

Yes, I want the oracle user to access the files.

Thanks.

Re: permission to file

ErmanArslansOracleBlog
Administrator
NFS uses the UID and GID, and the mapping to the username and groupname is done locally
on each client.
How did you configure this NFS? What parameters did you use?
What is your NFS version? (NFS v3 or NFS v4?)
Did you try sharing that directory with the anon=0 argument? I mean share -F nfs -o anon=0

Note that -> with the anon argument, you use uid to select the user ID of unauthenticated users. If you set uid to -1, the server denies access to unauthenticated users. You can grant root access by setting anon=0, but this option allows unauthenticated users to have root access, so use the root option instead.

Also, you can use the root argument as well -> root=client-name
The client-name value is used with AUTH_SYS authentication to check the client's IP address against a list of addresses provided by exportfs(1B). If a match is found, root access is given to the file systems being shared.

I mean, share blabla -o root=<hostname_of_the_linux_machine>

Re: permission to file

Roshan
Hi,

Thanks for the update.

I tried the commands but still have the same issue.

I tried to open using the ora12c user on the Linux machine but it still fails to open the files.

share -F nfs -o rw,root=10.124.0.88,anon=54321 /ogg

Regards,

Roshan

Re: permission to file

Roshan
Hi,

I have been able to read/write on the directory on Linux by mounting as NFSv3:

mount -o vers=3 <IP>:/ogg /ogg

Permission is 101 users. I set the oracle user with secondary group users and it is OK now :)



Re: permission to file

ErmanArslansOracleBlog
Administrator
Cool.

What is displayed in the user and group fields of the ls -al output (from Linux now)?
NFSv3 uses GID and UID mapping, so if the users have the same UID and GID in both systems, then the ownerships should be listed properly (else they will be displayed as numbers).
Actually, that's why I asked about the NFS version earlier.
In NFSv4, we have the idmapd daemon. So your idmapd was probably not running. Or maybe it was not configured (/etc/idmapd.conf).

In NFSv4, the concept is user@domainname; if there is no centralized user mapping, the user will be mapped to the properties defined in /etc/idmapd.conf; by default the name nobody will be used.
 
That idmapd can be disabled, by the way. (keyword = /fs4_disable_idmapping)
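
Added example, not part of the thread: a small shell check of why adding oracle to the file's group made the files readable over NFSv3 without changing anything on the Solaris side. The UIDs, GIDs, modes and the `can_read` helper are constructed for illustration; only the "101 users" ownership comes from the posts above.

```shell
#!/bin/sh
# Added example with constructed data (UIDs, GIDs and modes are made up).
# Over NFSv3 with AUTH_SYS, access is decided on the caller's numeric UID and
# GID list, which come from the client's local passwd and group files.

# can_read USER PASSWD_FILE GROUP_FILE FILE_UID FILE_GID OCTAL_MODE
# Prints "<class>:<yes|no>"; class is owner, group or other.
# Ignores root and ACLs. The ( ) body keeps variables local to the call.
can_read() (
    user=$1 passwd=$2 group=$3 fuid=$4 fgid=$5 mode=$6
    uid=$(awk -F: -v u="$user" '$1 == u { print $3 }' "$passwd")
    pgid=$(awk -F: -v u="$user" '$1 == u { print $4 }' "$passwd")
    if [ -z "$uid" ]; then echo "unknown-user:no"; exit 1; fi
    # Supplementary membership: is the user listed in the file's group?
    member=$(awk -F: -v u="$user" -v g="$fgid" '$3 == g {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) { print "yes"; exit }
    }' "$group")
    # Exactly one class applies; a denied group bit does not fall through.
    if [ "$uid" = "$fuid" ]; then
        class=owner; shift_by=6
    elif [ "$pgid" = "$fgid" ] || [ "$member" = "yes" ]; then
        class=group; shift_by=3
    else
        class=other; shift_by=0
    fi
    bits=$(( (0$mode >> $shift_by) & 7 ))   # leading 0 makes the mode octal
    if [ $(( bits & 4 )) -ne 0 ]; then echo "$class:yes"; else echo "$class:no"; fi
)

# Constructed client-side databases: before and after the group change.
demo_dir=$(mktemp -d); trap 'rm -rf "$demo_dir"' EXIT
printf 'oracle:x:54321:54321::/home/oracle:/bin/bash\n' > "$demo_dir/passwd"
printf 'oinstall:x:54321:\nusers:x:100:\n' > "$demo_dir/group.before"
printf 'oinstall:x:54321:\nusers:x:100:oracle\n' > "$demo_dir/group.after"

# Trail file as seen on the mount: uid 101, group users (gid 100), mode 640.
echo "before: $(can_read oracle "$demo_dir/passwd" "$demo_dir/group.before" 101 100 640)"
echo "after:  $(can_read oracle "$demo_dir/passwd" "$demo_dir/group.after" 101 100 640)"
```

On a real client, take the numeric owner, group and mode from `ls -ln` on the mounted directory and the user's IDs from `id oracle`.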