su cannot open session error when starting Oracle XE database

Unix & Linux Asked by tsm on September 7, 2020

I have a RHEL 7.2 server with Oracle 11g Express Edition (11.2.0) installed. The installation of Oracle created a file named “oracle-xe” in /etc/init.d This is a bash script that can be used to start and stop the listener and database manually. When I’m logged on to the server, I can run the following:

dzdo /etc/init.d/oracle-xe start

and the Oracle listener + database are started without issue. I can log on using sqlplus and execute commands. I’m trying to use chkconfig to make it so that oracle-xe is executed automatically on system start, so that I do not have to manually start the listener and database every time the server is rebooted. The oracle-xe script itself is lengthy, but the meat of it contains the following:

# chkconfig: 2345 80 05

# Source fuction library
if [ -f /lib/lsb/init-functions ]
    . /lib/lsb/init-functions
elif [ -f /etc/init.d/functions ]
    . /etc/init.d/functions


echo $(date) >> $STARTUP_LOG    
$SU -s /bin/bash $ORACLE_OWNER -c "$LSNR start" >> $STARTUP_LOG 2>&1
$SU -s /bin/bash $ORACLE_OWNER -c "$SQLPLUS -s /nolog @$ORACLE_HOME/config/scripts/startdb.sql" >> $STARTUP_LOG 2>&1

I added the $STARTUP_LOG code and the >> redirect of output so that I could sort out what was happening. I added the script to chckconfig with the following:

cd /etc/init.d
dzdo chmod 750 oracle-xe
dzdo chkconfig --add oracle-xe
dzdo chkconfig oracle-xe on

The following command yields the given (shortened) output:

dzdo chkconfig --list

oracle-xe       0:off    1:off   2:on   3:on   4:on   5:on  6:off

I reboot the server, and it generates a log file at /home/tsm/log/oracle-xe.log with the following output:

Fri Jan 13 15:03:58 CST 2017
su: cannot open session: Permission denied
su: cannot open session: Permission denied

and as you might guess, as a result of this su failure, neither the listener nor the database engine have started. Since I see the reboot date/time in the log file, I know for sure that the script is being executed upon boot. It seems to me to be a permissions issue, that whatever account is being used to execute init scripts at startup for some reason cannot su as $ORACLE_OWNER, yet me as a lowly admin can do this just fine from the command prompt. It was my understanding that the init code is executed as root, and therefore this su command should run without a problem. I’ve been searching and trying various things for the better part of a day trying to sort this out, and have pulled out what little remains of my hair.

The server itself is using DirectAuthorize to grant access permissions, which is why I end up using dzdo instead of sudo. Could this have something to do with it?

One Answer

So I figured out what was happening. When a system is using DirectAuthorize, any account that wants to su as another user must use dzdo instead. This includes even the root account which is used to start any service via chkconfig during system boot. So I changed the following lines in my oracle-xe script file:

$SU -s /bin/bash $ORACLE_OWNER -c "$LSNR start" >> $STARTUP_LOG 2>&1
$SU -s /bin/bash $ORACLE_OWNER -c "$SQLPLUS -s /nolog @$ORACLE_HOME/config/scripts/startdb.sql" >> $STARTUP_LOG 2>&1

to this instead:

dzdo -s -u $ORACLE_OWNER $LSNR start >> $STARTUP_LOG 2>&1
dzdo -s -u $ORACLE_OWNER $SQLPLUS -s /nolog @ORACLE_HOME/config/scripts/startdb.sql >> @STARTUP_LOG 2>&1

dzdo isn't a direct replacement for su, as the options are different and you can't just simply drop it in place. In particular, there is no -c option for running a specific command with dzdo. Instead, the command to be executed is everything that appears at the end of the statement. The -s switch indicates to run a shell as the target user. After making these changes and rebooting, the listener and database instance started as user "oracle" without any hitches.

Answered by tsm on September 7, 2020

Add your own answers!

Related Questions

SSH on port 443 with SSLH

1  Asked on December 21, 2021


Reformat date to unix time stamp in csv table

3  Asked on December 21, 2021


i3wm / debian accent marks

2  Asked on December 21, 2021 by danoiseman


View 1 monitor in VNC session?

1  Asked on December 21, 2021


Problem after installing snapd

1  Asked on December 21, 2021 by hr20dev


what’s the relationship between iptables and firwalld

1  Asked on December 21, 2021 by westfarmer


What is my shell environement?

1  Asked on December 21, 2021 by mikibelavista


How to reinstall python

1  Asked on December 19, 2021 by aditya-ultra


Nvidia driver; Unable to load info from any available system

1  Asked on December 19, 2021 by whitewind


No external network access on Beaglebone

0  Asked on December 19, 2021


Port forwarding with KVM

0  Asked on December 19, 2021 by ari-stehney


Copy/paste into SSH’d VIM from local (Windows) clipboard

10  Asked on December 17, 2021 by frickskit


How to get tab completion when using curly braces in Bash

5  Asked on December 17, 2021 by weston-ganger


libpam-pwquality not working in Ubuntu 16.04

1  Asked on December 17, 2021


Asus TUF Ubuntu 18.04.1 elantech mouse freezes frequently

1  Asked on December 17, 2021 by srajan-soni


Ask a Question

Get help from others!

© 2022 All rights reserved. Sites we Love: PCI Database, MenuIva, UKBizDB, Menu Kuliner, Sharing RPP, SolveDir