![[20170705]理解linux su命令.txt-小浪学习网](https://www.xlycwl.com/wp-content/themes/zibll/img/icon.png){kind=icon}
[20170705]理解linux su命令.txt
–//我一般在维护时经常使用root用户登录,然后su – oracle 转到其他用户操作
–//一般都加入 – 参数.这个已经成了条件反射…^_^.
# man su
change the effective user id and group id to that of user.
-, -l, –login
make the shell a login shell
–//也就是使用login里面的shell,设置好对应的环境.
–//如果执行没有-,也就是仅仅run a shell with substitute user and group ids,不替换里面的环境变量或者相关参数.
1.测试1:
–//当前以root用户登录:
# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
# echo $oracle_home
# export aaa=test
# echo $aaa
test
# su – oracle
$ id
uid=1001(oracle) gid=1001(oinstall) groups=101(fuse),1001(oinstall),1002(dba),1003(racoper),1004(asmdba)
$ echo $aaa
–//无显示.
$ echo $oracle_home
/u01/app/oracle/product/11.2.0.4/dbhome_1
2.如果执行不加参数 – 呢?
$ echo $oracle_home
–//环境变量oracle_home没有设置,而root设置的环境变量aaa呢?
$ echo $aaa
test
–//可以发现可以显示环境变量aaa.
3.这样看来应该很少使用-参数.
–//实际上rac的管理oracle引入许多东西,建立grid用户.通过一些特殊例子来说明问题:
–//以grid用户登录:
[grid@dm01dbadm02 ~ ]$ ocrcheck
status of oracle cluster registry is as follows :
version : 3
total space (kbytes) : 262120
used space (kbytes) : 3852
available space (kbytes) : 258268
id : 2101855892
device/file name : +dbfs_dg
device/file integrity check succeeded
device/file not configured
device/file not configured
device/file not configured
device/file not configured
cluster registry integrity check succeeded
logical corruption check bypassed due to non-privileged user
–//ok.如果你加入参数:
$ ocrcheck -local
protl-602: failed to retrieve data from the local registry
procl-26: error while accessing the physical storage operating system error [permission denied] [13]
–//跟踪看看:
$ strace -f -o /tmp/b1.txt ocrcheck -local
protl-602: failed to retrieve data from the local registry
procl-26: error while accessing the physical storage operating system error [permission denied] [13]
$ grep ‘permission denied’ /tmp/b1.txt
14849 open(“/u01/app/11.2.0.4/grid/cdata/dm01dbadm02.olr”, o_rdonly|o_sync) = -1 eacces (permission denied)
–//要打开文件/u01/app/11.2.0.4/grid/cdata/dm01dbadm02.olr.
$ ls -l /u01/app/11.2.0.4/grid/cdata/dm01dbadm02.olr
-rw——- 1 root oinstall 272756736 2017-07-05 09:45:15 /u01/app/11.2.0.4/grid/cdata/dm01dbadm02.olr
–//注意看用户,组是root,oinstall,grid用户根本没有权限打开这个文件.
–//要解决这个问题一些dba采用把root用户里面加入grid的许多环境变量.以root用户执行,不过这样我认为不是很好!!
–//实际上很简单的方法就是切换到root用户执行,注意这个时候不能加入- 参数,因为这样grid的环境参数就丢失了,实际上这样就以
–//root用户执行,而使用的环境还是grid用户的.
$ su root
password:
# id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel)
# echo $path
/usr/local/bin:/bin:/usr/bin:/u01/app/11.2.0.4/grid/bin:.:/u01/app/11.2.0.4/grid/bin
# echo $oracle_home
/u01/app/11.2.0.4/grid
–//你可以发现grid的环境参数还在.这个使用以root用户执行如下:
# ocrcheck -local
status of oracle local registry is as follows :
version : 3
total space (kbytes) : 262120
used space (kbytes) : 2800
available space (kbytes) : 259320
id : 1632195400
device/file name : /u01/app/11.2.0.4/grid/cdata/dm01dbadm02.olr
device/file integrity check succeeded
local registry integrity check succeeded
logical corruption check succeeded
–//当然还可以以另外的方式,就是使用sudo命令. sudo ocrcheck -local
–//注意要修改/etc/sudoers,加入:
grid all=(all) all
$ sudo ocrcheck -local
[sudo] password for grid:
status of oracle local registry is as follows :
version : 3
total space (kbytes) : 262120
used space (kbytes) : 2800
available space (kbytes) : 259320
id : 1632195400
device/file name : /u01/app/11.2.0.4/grid/cdata/dm01dbadm02.olr
device/file integrity check succeeded
local registry integrity check succeeded
logical corruption check succeeded
