Which user to run ADRCI?

Since Oracle 11g, RDBMS diagnostic data has been reorganized and is stored inside a common directory structure, the Automatic Diagnostic Repository (ADR). An ADR is a centralized directory structure where one can find trace files, alert messages, incident dumps, core files, etc. And a comand line tool ADRCI can be used to mange this repository. A few days ago, I wrote another post regarding using ADRCI to do housekeeping work.

With a RAC envrionment, ususally you run ADRCI from two user levels: grid and oracle to manage the repository for GI level (including ASM, GIMR/MGMTDB, listener etc.) and RDBMS. That would work well for most of ADR homes. However I’ve noticed there are a few ADR homes (directories) under ADR base which are created by the user “root”. See below that the directory “user_root” under diag/asm and diag/asmtool belongs the user “root”

ADR base = "/u01/app/oracle"
adrci> show homes
ADR Homes:
diag/asm/user_root/host_1420761839_82
diag/asmtool/user_root/host_1420761839_82
diag/rdbms/saprod/APROD1
diag/rdbms/aprod/APROD1
diag/clients/user_oracle/host_1420761839_82

[oracle@joeoda001 ~]$ ls -ld /u01/app/oracle/diag/asmtool/user_root
drwxr-xr-x 3 root root 4096 Apr 29 13:02 /u01/app/oracle/diag/asmtool/user_root

In this case, running ADRCI from the user “grid” or “oracle” to manage them will throw some permission errors. For example:

adrci> show version schema
DIA-48251: Failed to open relation due to following error
DIA-48122: error with opening the ADR block file [/u01/app/oracle/diag/asm/user_root/host_1420761839_82/metadata/ADR_CONTROL.ams] [0]
DIA-27041: Message 27041 not found;  product=RDBMS; facility=DIA
Linux-x86_64 Error: 13: Permission denied
Additional information: 9

[oracle@joeoda001 ~]$ ls -lrt /u01/app/oracle/diag/asm/user_root/host_1420761839_82/metadata/ADR_CONTROL.ams
-rw-r----- 1 root root 65536 Apr 29 13:02 /u01/app/oracle/diag/asm/user_root/host_1420761839_82/metadata/ADR_CONTROL.ams

The file in the above example has the permission of 640 which prevents other users from reading it.

I am not sure which process from ASM generates files there. But apparently that process running as the user “root”. So to manage such ADR homes, I can see two options here:

  1. run ADRCI as the user root.
  2. change the file permissions from 640 to 644 at least to let other users like grid or oracle can read it. Or further allow the write/execute access if needed.

Reference:

  • Understanding Automatic Diagnostic Repository (Doc ID 422893.1)
  • DIA-48122: Error Opening The Adr Block File ./Metadata/Incident.Ams] [0] (Doc ID 889714.1)
  • NET Client Traces Generated In $ADR_BASE/oradiag_/diag/clients/ Directory (Doc ID 1545533.1)

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s