Saturday, September 5, 2015

ACFS - No Write Permission (Permission denied)


Oracle 12c : RAC - ACFS
No Write Permission on ACFS Mount Point


ISSUE :

After creating and mounting ACFS, when we try to create any file under this we are getting Permission denied.  Means we dont have permission to create any file under ACFS Mount point, ever if I user privilege user like (root).


touch: cannot touch `amit': Permission denied


[root@rac121 dev]# cd /ACFS/
[root@rac121 ACFS]# touch amit
touch: cannot touch `amit': Permission denied
[root@rac121 ACFS]# chown -R oracle:oinstall /ACFS/
[root@rac121 ACFS]# ls -ltrah .
total 72K


INVESTIGATION AND CAUSE :

The problem was the SELinux is enabled on the Linux System.

To check, if SELinux is enable/disable on the system, cat the file"/etc/selinux/config"

[oracle@rac121 ACFS]$ . oraenv
ORACLE_SID = [oracle] ? +ASM1
The Oracle base has been set to /u01/app/oracle


[oracle@rac121 ACFS]$ acfsdriverstate loaded
ACFS-9203: true


[oracle@rac121 ACFS]$ acfsutil info fs
/ACFS
    ACFS Version: 12.1.0.2.0
    on-disk version:       39.0
    flags:        MountPoint,Available
    mount time:   Sat Sep  5 12:55:33 2015
    allocation unit:       4096
    volumes:      1
    total size:   20669530112  (  19.25 GB )
    total free:   20548558848  (  19.13 GB )
    file entry table allocation: 49152
    primary volume: /dev/asm/vol_acfs-391
        label:
        state:                 Available
        major, minor:          251, 200193
        size:                  20669530112  (  19.25 GB )
        free:                  20548558848  (  19.13 GB )
        ADVM diskgroup         DG_ACFS
        ADVM resize increment: 67108864
        ADVM redundancy:       unprotected
        ADVM stripe columns:   8
        ADVM stripe width:     1048576
    number of snapshots:  0
    snapshot space usage: 0  ( 0.00 )
    replication status: DISABLED


Here we can see this in my server SELinux is enabled. 


[oracle@rac121 ACFS]$ sestatus

SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 26
Policy from config file:        targeted


[oracle@rac121 ACFS]$ cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted


SOLUTION

Disable SELinux and reboot the server on both nodes.

[root@rac121 ~]# vi /etc/selinux/config

[root@rac121 ~]# cat /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of these two values:
#     targeted - Targeted processes are protected,
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

Now login and recheck.

 [oracle@rac122 ~]$ cd /ACFS
[oracle@rac122 ACFS]$ ls -l
total 64
drwx------ 2 oracle oinstall 65536 Sep  5 22:25 lost+found
[oracle@rac122 ACFS]$ touch amit

[oracle@rac122 ACFS]$ ls -ltrah
total 72K
drwx------   2 oracle oinstall  64K Sep  5 22:25 lost+found
dr-xr-xr-x. 29 root   root     4.0K Sep  5 22:59 ..
-rw-r--r--   1 oracle oinstall    0 Sep  5 23:07 amit
drwxr-xr-x   4 oracle oinstall 4.0K Sep  5 23:07 .
[oracle@rac122 ACFS]$
Posted by at
Labels: ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)