ChangePerm sh

From Oracle FAQ

NOTE: The script is not available for Oracle 11.1.0.x and later because the permissions under the Oracle Home are already set to a correct relaxed state.

changePerm.sh is a script that allows users that do not belong to the "dba" group to access and execute files in the ORACLE_HOME directory.

The script is located in the ORACLE_HOME/install directory on Unix and Linux systems (there is no equivalent for Windows). This script ships with Oracle Database versions, Oracle 10g.

The file is no longer available, nor is it necessary, for Oracle database server 11.1.0.x because in 11g the permissions under the Oracle Home (including "others") are set correctly/relaxed (Oracle note 834626.1).

When to run this script

Only run this script when absolutely required as it will reduce security.

A good hint that you need to run this script is when errors like the following are reported even though the environment (ORACLE_HOME) is correctly set:

$ sqlplus
Error 6 initializing SQL*Plus
Message file sp1<lang>.msb not found
SP2-0750: You may need to set ORACLE_HOME to your Oracle software directory
Exit 1

Internal workings

The script (Bourne shell) loops through a hard-coded set of files and directories, extracts the "group" permissions, and sets the "other" permissions to match the group's permissions. As a result, "other" users are able to execute these files and change to these directories.
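
A read-only preview of the group-to-other copy described above, as an added example (not Oracle's script and not part of the original page): for each path given as an argument it reports what "other" would become and flags results that would be world-writable. The function names and output format are assumptions of this example.

```shell
#!/bin/sh
# Dry-run preview of "set other = group" for the paths given as arguments.
# Nothing is modified; modes are only read via ls -ld.

# perms PATH: the nine rwx characters of PATH's mode, e.g. "rwxr-x---".
perms() {
    ls -ld -- "$1" | head -n 1 | cut -c2-10
}

# group_triplet PATH: group rwx bits, with setgid folded back to x/-
# (s = setgid with execute, S = setgid without execute).
group_triplet() {
    perms "$1" | cut -c4-6 | tr 'sS' 'x-'
}

# other_triplet PATH: other rwx bits, with the sticky bit folded back to x/-.
other_triplet() {
    perms "$1" | cut -c7-9 | tr 'tT' 'x-'
}

# preview PATH: print one line describing what copying group to other would do.
preview() {
    g=$(group_triplet "$1")
    o=$(other_triplet "$1")
    if [ "$g" = "$o" ]; then
        echo "unchanged other=$o $1"
        return 0
    fi
    case $g in
        ?w?) echo "WORLD-WRITABLE other=$o new=$g $1" ;;  # group write would reach everyone
        *)   echo "change other=$o new=$g $1" ;;
    esac
}

for path in "$@"; do
    if [ -e "$path" ]; then
        preview "$path"
    else
        echo "missing $path" >&2
    fi
done
```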

Example output

Sample output when the script is executed:

$ cd $ORACLE_HOME/install
$ ./changePerm.sh
Disclaimer: The purpose of this script is to relax permissions on some of the
files in the database Oracle Home so that all clients can access them.
Please note that Oracle Corporation recommends using the most restrictive file
permissions as possible for your given implementation.  Running this script
should be done only after considering all security ramifications.
-n Do you wish to continue (y/n) [n]:
Finished running the script successfully
Please see /tmp/changePerm_err.log for errors and /tmp/changePerm.log for the log of events