[20170705]理解linux su命令.txt

[20170705]理解linux su命令.txt

–//我一般在維護(hù)時(shí)經(jīng)常使用root用戶登錄,然后su – oracle 轉(zhuǎn)到其他用戶操作
–//一般都加入 – 參數(shù).這個(gè)已經(jīng)成了條件反射…^_^.

# man su?? ?? ?
change the effective user id and group id to that of user.

-, -l, –login
make the shell a login shell

–//也就是使用login里面的shell,設(shè)置好對(duì)應(yīng)的環(huán)境.
–//如果執(zhí)行沒(méi)有-,也就是僅僅run a shell with substitute user and group ids,不替換里面的環(huán)境變量或者相關(guān)參數(shù).

1.測(cè)試1:
–//當(dāng)前以root用戶登錄:
# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
# echo $oracle_home
# export aaa=test
# echo $aaa
test

# su? – oracle
$ id
uid=1001(oracle) gid=1001(oinstall) groups=101(fuse),1001(oinstall),1002(dba),1003(racoper),1004(asmdba)

$ echo $aaa

–//無(wú)顯示.

$ echo $oracle_home
/u01/app/oracle/product/11.2.0.4/dbhome_1

2.如果執(zhí)行不加參數(shù) – 呢?

$ echo $oracle_home

–//環(huán)境變量oracle_home沒(méi)有設(shè)置,而root設(shè)置的環(huán)境變量aaa呢?
$ echo $aaa
test

–//可以發(fā)現(xiàn)可以顯示環(huán)境變量aaa.

3.這樣看來(lái)應(yīng)該很少使用-參數(shù).
–//實(shí)際上rac的管理oracle引入許多東西,建立grid用戶.通過(guò)一些特殊例子來(lái)說(shuō)明問(wèn)題:
–//以grid用戶登錄:
[grid@dm01dbadm02 ~ ]$ ocrcheck
status of oracle cluster registry is as follows :
???????? version????????????????? :????????? 3
???????? total space (kbytes)???? :???? 262120
???????? used space (kbytes)????? :?????? 3852
???????? available space (kbytes) :???? 258268
???????? id?????????????????????? : 2101855892
???????? device/file name???????? :?? +dbfs_dg
??????????????????????????????????? device/file integrity check succeeded
??????????????????????????????????? device/file not configured
??????????????????????????????????? device/file not configured
??????????????????????????????????? device/file not configured
??????????????????????????????????? device/file not configured
???????? cluster registry integrity check succeeded
???????? logical corruption check bypassed due to non-privileged user

–//ok.如果你加入?yún)?shù):
$ ocrcheck -local
protl-602: failed to retrieve data from the local registry
procl-26: error while accessing the physical storage operating system error [permission denied] [13]

–//跟蹤看看:
$ strace -f -o /tmp/b1.txt ocrcheck -local
protl-602: failed to retrieve data from the local registry
procl-26: error while accessing the physical storage operating system error [permission denied] [13]

$ grep ‘permission denied’ /tmp/b1.txt
14849 open(“/u01/app/11.2.0.4/grid/cdata/dm01dbadm02.olr”, o_rdonly|o_sync) = -1 eacces (permission denied)

–//要打開(kāi)文件/u01/app/11.2.0.4/grid/cdata/dm01dbadm02.olr.

$ ls -l /u01/app/11.2.0.4/grid/cdata/dm01dbadm02.olr
-rw——- 1 root oinstall 272756736 2017-07-05 09:45:15 /u01/app/11.2.0.4/grid/cdata/dm01dbadm02.olr
–//注意看用戶,組是root,oinstall,grid用戶根本沒(méi)有權(quán)限打開(kāi)這個(gè)文件.

–//要解決這個(gè)問(wèn)題一些dba采用把root用戶里面加入grid的許多環(huán)境變量.以root用戶執(zhí)行,不過(guò)這樣我認(rèn)為不是很好!!
–//實(shí)際上很簡(jiǎn)單的方法就是切換到root用戶執(zhí)行,注意這個(gè)時(shí)候不能加入- 參數(shù),因?yàn)檫@樣grid的環(huán)境參數(shù)就丟失了,實(shí)際上這樣就以
–//root用戶執(zhí)行,而使用的環(huán)境還是grid用戶的.

$ su root
password:

# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
# echo $path
/usr/local/bin:/bin:/usr/bin:/u01/app/11.2.0.4/grid/bin:.:/u01/app/11.2.0.4/grid/bin

# echo $oracle_home
/u01/app/11.2.0.4/grid

–//你可以發(fā)現(xiàn)grid的環(huán)境參數(shù)還在.這個(gè)使用以root用戶執(zhí)行如下:
# ocrcheck -local
status of oracle local registry is as follows :
???????? version????????????????? :????????? 3
???????? total space (kbytes)???? :???? 262120
???????? used space (kbytes)????? :?????? 2800
???????? available space (kbytes) :???? 259320
???????? id?????????????????????? : 1632195400
???????? device/file name???????? : /u01/app/11.2.0.4/grid/cdata/dm01dbadm02.olr
??????????????????????????????????? device/file integrity check succeeded
???????? local registry integrity check succeeded
???????? logical corruption check succeeded

–//當(dāng)然還可以以另外的方式,就是使用sudo命令. sudo ocrcheck -local
–//注意要修改/etc/sudoers,加入:
grid??? all=(all)?? all

$ sudo ocrcheck -local
[sudo] password for grid:
status of oracle local registry is as follows :
???????? version????????????????? :????????? 3
???????? total space (kbytes)???? :???? 262120
???????? used space (kbytes)????? :?????? 2800
???????? available space (kbytes) :???? 259320
???????? id?????????????????????? : 1632195400
???????? device/file name???????? : /u01/app/11.2.0.4/grid/cdata/dm01dbadm02.olr
??????????????????????????????????? device/file integrity check succeeded
???????? local registry integrity check succeeded
???????? logical corruption check succeeded