IT博客汇 | [原]AIX平台上11.2 Grid Infrastructure RDBMS进程的user是grid用户?

[原]AIX平台上11.2 Grid Infrastructure RDBMS进程的user是grid用户?

changyanmanman发表于 2016-12-19 14:47:00

转自：http://www.askmaclean.com/archives/aix-11-2-grid-infrastructure-rdbms-owned-by-grid.html

注意这个问题目前发现仅发生在11.2 + AIX平台上，不管是Standalone Grid 还是RAC Grid Infrastructure 都可能遇到，使用ps -ef列出RDBMS实例进程时发现进程的user是Grid ，照理来说$RDBMS_HOME/bin/oracle的拥有者是oracle，这些进程应当属于oracle用户；这种现象可能仅发生在LOCAL=NO的服务进程上，也可能发生在包括后台进程上。

现象如下：

oracle@mac01:/home/oracle>ps -p 
oracle@mac01:/home/oracle>ps -ef |grep -i local=no
    grid  3866680        1   0 17:11:03      -  0:08 oracleG11R231 (LOCAL=NO)
    grid  5374010        1   0 17:11:04      -  0:10 oracleG11R231 (LOCAL=NO)
    grid  5832916        1   0 17:11:04      -  0:07 oracleG11R231 (LOCAL=NO)
    grid  5898482        1   0 17:11:04      -  0:08 oracleG11R231 (LOCAL=NO)
    grid  5963946        1   0 19:08:47      -  0:00 oracleG11R231 (LOCAL=NO)
    grid  6160614        1   0 19:08:47      -  0:00 oracleG11R231 (LOCAL=NO)
    grid  6684846        1   0 17:11:03      -  0:08 oracleG11R231 (LOCAL=NO)
    grid  6947026        1   0 17:11:04      -  0:08 oracleG11R231 (LOCAL=NO)
    grid  8978436        1   0 19:08:47      -  0:00 oracleG11R231 (LOCAL=NO)
    grid  9961692        1   0 19:08:47      -  0:00 oracleG11R231 (LOCAL=NO)
    grid 10158178        1   0 19:08:47      -  0:21 oracleG11R231 (LOCAL=NO)
    grid 10354770        1   0 19:08:47      -  0:00 oracleG11R231 (LOCAL=NO)
    grid 10747936        1   0 17:43:13      -  0:08 oracleG11R231 (LOCAL=NO)
    grid 10944566        1   0 19:08:47      -  0:00 oracleG11R231 (LOCAL=NO)
    grid 11403516        1   0 19:08:47      -  0:00 oracleG11R231 (LOCAL=NO)
    grid 11665480        1  91 19:08:46      -  4:45 oracleG11R231 (LOCAL=NO)
    grid 12255372        1   0 17:43:13      -  0:08 oracleG11R231 (LOCAL=NO)
    grid 12386550        1   0 19:08:46      -  0:00 oracleG11R231 (LOCAL=NO)
    grid 15466566        1   0 19:08:47      -  0:00 oracleG11R231 (LOCAL=NO)
  oracle 19005520 13697088   0 15:22:02  pts/2  0:00 grep -i local=no

oracle@mac01:/home/oracle>ps -p 15466566 -f
     UID      PID     PPID   C    STIME    TTY  TIME CMD
    grid 15466566        1   0 19:08:47      -  0:00 oracleG11R231 (LOCAL=NO)


oracle@mac01:/home/oracle>ps -p 15466566 -o uid,user,ruid,ruser,args
 UID     USER RUID    RUSER COMMAND
3001   oracle 3016     grid oracleG11R231 (LOCAL=NO)

oracle@mac01:/home/oracle>ls -l $ORACLE_HOME/bin/oracle
-rwsr-s--x    1 oracle   asmadmin  301231110 Sep 11 15:08 /s01/oracle/product/11.2.0/dbhome_1/bin/oracle

实际原因是 DB Instance在RAC环境中自动启动时是使用GRID用户名下的oraagent负责管理，oraagent 的login user 是grid，即real user id是GRID ,它负责调用call $RDBMS_HOME/bin/oracle 这个2进制文件(属于oracle用户 -rwsr-s–x 1 oracle asmadmin)，且该2进制文件是setuid的，当调用setuid 应用时effective user ID变成oracle，但是 real user id是不变的。

关于 real user ID和effective user ID的解释如下：

Most of the time, the effective user ID of a process is just the same as the real ones, and there’s no point in making a fuss of this minor distinction.

Things start to get interesting when you invoke a setuid application, however. Assume you’re logging into your normal user account, which has a user ID of 500. Now you invoke a setuid root application. Because it’s setuid root, the operating system will set the the effective user ID of the process to that of the root user (0). The real user ID, however, remains unchanged. This allows the application to learn the identity of the user who invoked it, and to continue to access files etc with the privilege of the invoking user.

在Linux平台上不存在该问题， user和ruser均是oracle。

在AIX ps -p -f 显示的是login name of the process owner is shown，即real user id

ps -p -o user,ruser 显示的：

user Indicates the effective user ID of the process

ruser Indicates the real user ID of the process

BUG 9666617 – INSTANCE IS STARTED WITH USER GRID中分析了上述问题，并认为这不是一个软件bug close this as ‘not as bug’.