This space collects some of snow's technical notes. If you like music, please visit snow's other space at http://snowhite2000.itpub.net

Why connecting to Oracle may require an explicit connect string

2008-03-06 03:27:07 / Category: Oracle Database

The previous post contained this passage:

SQL> connect / as sysdba
ERROR:
ORA-12546: TNS:permission denied

SQL> connect sys/passwprd@infra as sysdba
Connected.

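Why does the connect string @sid have to be given explicitly, with ORA-12546 raised otherwise?

The cause is the permissions on one file: $ORACLE_HOME/bin/oracle

For example, a system where the connect string @sid is not needed: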

$ cd $ORACLE_HOME
$ cd bin
$ ls -al oracle
-rwsr-s--x   1 oracle   oradba    131620018 Nov 02 20:44 oracle

A system where the connect string @sid is needed:

$ ls -al oracle
-rwsr-s---   1 oracle   oradba    131620018 Nov 02 20:44

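If the "other" class of users has x (execute) permission on this file, the connect string @sid is not needed;
conversely, if "other" has no x permission on this file, @sid is required for the connection to succeed.

The OS command, run in the $ORACLE_HOME/bin directory, is chmod o+x oracle or chmod o-x oracle.

Reason:
This behaviour is related to Oracle Network Security. If the file above does not have the x (execute) permission, the permission-denied error appears. Adding the connect string @sid forces the current connection to go through the ordinary IPC or TCP/IP process, and the connection then succeeds.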
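
The rule above depends on which permission class (owner, group or other) applies to the OS user who runs sqlplus. The sh script below is an added example, not code from the original post; it goes slightly beyond the post by also evaluating the owner and group classes. It uses the two mode strings and the oracle:oradba ownership from the listings above, and the user names dbadmin and appuser are constructed.

```sh
#!/bin/sh
# Added example (not from the original post). Mode strings, owner and group
# are the two `ls -al oracle` listings above; the user names are constructed.

# perm_class OWNER GROUP USER "USER_GROUPS": print the one permission class
# Unix applies to USER for a file owned by OWNER:GROUP.
perm_class() {
    if [ "$3" = "$1" ]; then echo owner; return; fi
    for g in $4; do
        if [ "$g" = "$2" ]; then echo group; return; fi
    done
    echo other
}

# can_exec MODE OWNER GROUP USER "USER_GROUPS": exit 0 if that class has execute.
# Assumes a non-root USER and no ACLs on the file.
can_exec() {
    case $(perm_class "$2" "$3" "$4" "$5") in
        owner) col=4 ;;
        group) col=7 ;;
        *)     col=10 ;;
    esac
    bit=$(printf '%s' "$1" | cut -c"$col")
    # x = execute; s/t = execute plus setuid/setgid/sticky; S/T/- = no execute
    case $bit in
        x|s|t) return 0 ;;
        *)     return 1 ;;
    esac
}

# connect_mode: "local" if USER can start the oracle binary directly,
# "connect-string" if the post's @sid workaround is needed.
connect_mode() {
    if can_exec "$@"; then echo local; else echo connect-string; fi
}

# Evaluate both listings from the post for three sample accounts.
for mode in '-rwsr-s--x' '-rwsr-s---'; do
    for who in 'oracle:oradba' 'dbadmin:staff oradba' 'appuser:staff'; do
        printf '%s %-8s %s\n' "$mode" "${who%%:*}" \
            "$(connect_mode "$mode" oracle oradba "${who%%:*}" "${who#*:}")"
    done
done
```

With -rwsr-s--- only appuser, who is neither the owner nor a member of oradba, is reported as needing the connect string. chmod o+x makes the setuid/setgid binary executable by every local account, so check which accounts actually fall into the other class before applying it.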

Fun, isn't it? snow thinks so too.



feng_xin   /   2008-03-21 14:00:05
When a connect string is used, oracle goes through sqlnet communication, talking in client/server fashion over TCP/IP with sqlnet's authentication mechanism.

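When no connect string is used, oracle uses the Unix inter-process IPC communication mechanism. IPC---Inter-Process Communications
IPC can communicate through pipes, shared memory and so on. IPC communication also has security restrictions; see the following material.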

Access Permission Modes - The 'ipc_perm' Structure
SysV IPC resources may be protected using access mode permissions, much like files and directories are protected by the Unix system. Each such resource has an owning user and an owning group. Permission modes define if and how processes belonging to different users in the system may access this resource. Permissions may be set separately for the owning user, for users from the owning group, and everyone else. Permissions may be set for reading the resource (e.g. reading messages from a message queue), or writing to the resource (e.g. sending a message on a queue, changing the value of a semaphore). A structure of type 'ipc_perm', which is defined as follows:

struct ipc_perm
{
  key_t  key;   /* key identifying the resource                     */
  ushort uid;   /* owner effective user ID and effective group ID   */
  ushort gid;
  ushort cuid;  /* creator effective user ID and effective group ID */
  ushort cgid;
  ushort mode;  /* access modes                                     */
  ushort seq;   /* sequence number                                  */
};

These fields have the following meanings:
• key - the identifier of the resource this structure refers to.
• uid - effective user ID owning the resource.
• gid - effective group ID owning the resource.
• cuid - effective user ID that created the resource.
• cgid - effective group ID that created the resource.
• mode - access permission modes for the given resource. This is a bit field, with the lowest 9 bits denoting access flags, and are a bit-wise 'or' of the following (octal) values:
  o 0400 - owning user may read from this resource.
  o 0200 - owning user may write to this resource.
  o 0040 - owning group may read from this resource.
  o 0020 - owning group may write to this resource.
  o 0004 - every other user may read from this resource.
  o 0002 - every other user may write to this resource.
• seq - used to keep system-internal info about the resource. For further info, check your kernel's sources (you are working on a system with free access to its source code, right?).

Part of the SysV IPC API allows us to modify the access permissions for the resources. We will encounter them when discussing the different IPC methods.
 
