2 Replies Latest reply: Sep 6, 2011 3:38 PM by 885899 RSS

    Connecting as root

    885899
      I am having major difficulties connecting as root. Our vulnerability scanner requires this ability. Can anyone help explain what I am doing wrong?

      1. Why does it even need to create an audit trail file with audit_trail=none? Does it audit logins regardless of audit settings?
      2. adump has perms 775, and root is in dba group (which shouldn't matter). I can "touch test" and "rm test" no problem, so that is not the issue.
      3. What am I a doing wrong?

      Running Oracle 10g Express on RHEL 5.4

      [root@clifford]# sqlplus / as sysdba

      SQL*Plus: Release 10.2.0.1.0 - Production on Thu Sep 1 20:22:08 2011

      Copyright (c) 1982, 2005, Oracle. All rights reserved.

      ERROR:
      ORA-09925: Unable to create audit trail file
      Linux Error: 13: Permission denied
      Additional information: 9925
      ORA-01031: insufficient privileges

      [root@clifford]# sqlplus sys/*password* as sysdba

      SQL*Plus: Release 10.2.0.1.0 - Production on Thu Sep 1 19:41:37 2011

      Copyright (c) 1982, 2005, Oracle. All rights reserved.

      ERROR:
      ORA-09925: Unable to create audit trail file.

      ---

      [root@clifford]# sudo su - oracle -c "sqlplus / as sysdba"

      SQL*Plus: Release 10.2.0.1.0 - Production on Thu Sep 1 19:31:12 2011

      Copyright (c) 1982, 2005, Oracle. All rights reserved.

      Connected to:
      Oracle Database 10g Express Edition Release 10.2.0.1.0 - Production

      SQL> show parameter audit

      NAME TYPE VALUE
      audit_file_dest string /usr/lib/oracle/xe/app/oracle/admin/XE/adump
      audit_sys_operations boolean FALSE
      audit_syslog_level string
      audit_trail string NONE

      [root@clifford]# grep root /etc/group
      root:x:0:root
      dba:x:533:oracle,root

      [root@clifford XE]# ls -l
      total 56
      drwxrwxr-x 2 oracle dba 4096 Sep 1 19:20 adump
        • 1. Re: Connecting as root
          user130038
          Usually there is a OS group called dba. All members of this group can connect as sysdba, because the are logged in to the OS.

          Normally root is not a member of this group, but a root user can make any user a member of this group.

          For more info launch:
          grep -i ora /etc/group

          If you make root member of dba group, it should solve your problem.

          HTH

          Edited by: user130038 on Sep 2, 2011 7:46 AM

          By default sys user will be audited, so Oracle will create audit files. This path doesn't have write permission for root. This is why you are getting that error.
          • 2. Re: Connecting as root
            885899
            From my original post:
            882896  wrote:
            [root@clifford]# grep root /etc/group
            root:x:0:root
            dba:x:533:oracle,root
            It wasn't working before I added root to the group, and adding it didn't fix the issue. Any other solutions?