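1. Requirement: chown -R mysql:mysql / was run and changed the ownership of every directory! This test shows how to restore the operating system permissions!
This test uses the operating system command getfacl.
2. Test procedure
2.1 Simulate the mistake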
# chown -R mysql:mysql /
···
chown: changing ownership of proc/3037/task/3037/oom_adj Permission denied
···
chown: changing ownership of sys/fs/cgroup/cpu Read-only file system
chown: changing ownership of sys/fs/cgroup Read-only file system
2.2 Observe the Oracle DB on the OS
# su - oracle
Last login: Sun May 16 19:12:33 CST 2021 on pts/3
su: warning: cannot change directory to /home/oracle: Permission denied
mkdir: cannot create directory '/home/oracle': Permission denied
-bash: /home/oracle/.bash_profile: Permission denied

19c
SQL> alter system checkpoint;
alter system checkpoint
*
ERROR at line 1:
ORA-03113: end-of-file on communication channel
Process ID: 2415
Session ID: 34 Serial number: 18564
SQL> exit
Disconnected from Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.3.0.0.0

The DB alert log recorded nothing!
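2.3 Perform the recovery
Find a healthy system of the same version and back up its permissions; restart the ssh service on the target host, then use scp to copy the good permissions file over!

On another healthy standalone test machine of the same type, back up the good permissions and ownership:
# getfacl -pR / >/tmp/dir_backup.txt

On the damaged host, fix the ssh permissions and start the ssh service:
# systemctl status sshd.service
# chown root:root /etc/hosts.allow
# chown root:root /usr/sbin/sshd
# chown root:root /usr/lib/systemd/system/sshd.service
# chown -R root:root /var/empty/sshd
# systemctl restart sshd.service

Copy the backup file from the healthy machine to the damaged host: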
# scp /tmp/dir_backup.txt root@10.0.0.93:/tmp/.
Restore part of the permissions by hand, then apply the permissions from the good system in one pass!

Restore the damaged machine:
# chown root:root /tmp
# chown -R root:root /etc
# chown -R root:root /lib
# chown -R root:root /bin
# chown -R root:root /usr
# chown -R root:root /sbin
# chown root:ssh_keys /etc/ssh/*key
# chmod +s /usr/bin/su
# chown root:root /var

Under /var, go through the subdirectories by hand and leave out the tmp directory!
# chown -R root:root /var/yp
# chown -R root:root /var/preserve
# chown -R root:root /var/opt
# chown -R root:root /var/nis
# chown -R root:root /var/local
# chown -R root:root /var/gopher
# chown -R root:root /var/games
# chown -R root:root /var/adm
# chown -R root:root /var/crash
# chown -R root:root /var/kerberos
# chown -R root:root /var/empty
# chown -R root:root /var/account
# chown -R root:root /var/db
# chown -R root:root /var/spool
# chown -R root:root /var/lib
# chown -R root:root /var/cache
# chown -R root:root /var/log
# chown root:root /var/tmp
# chown root:root /var/tmp/systemd*
# chown root:tty /bin/wall
# chown root:slocate /bin/locate
# chown root:cgred /bin/cgexec
# chown root:cgred /bin/cgclassify
# chown root:stapusr /bin/staprun
# chown root:nobody /bin/ssh-agent
# chown root:tty /bin/write
# chown root:chrony /etc/chrony.keys
# chown tss:tss /etc/tcsd.conf
# chown root:postdrop /usr/sbin/postqueue
# chown root:postdrop /usr/sbin/postdrop
# chown rpc:rpc /run/rpcbind
# chown root:libstoragemgmt /run/lsm
# chown root:libstoragemgmt /run/lsm/ipc
# chown root:utmp /run/utmp
# setfacl --restore=/tmp/dir_backup.txt
Finally, fix the Oracle-specific ownership by hand!
# id oracle
uid=200(oracle) gid=2000(oinstall) groups=2000(oinstall),2001(dba),2002(oper),503(backupdba),504(dgdba),505(kmdba),506(racdba)
# cd /home
# ls -lrt
# chown -R oracle:oinstall oracle
# cat 11204_profile
export ORACLE_BASE=/u01/app/oracle
export ORACLE_HOME=/u01/app/oracle/product/11.2.0/dbhome_1
# cat 19_profile
export ORACLE_BASE=/u01/app/oracle
export ORACLE_HOME=/u01/app/oracle/product/19/dbhome_1
# chown -R oracle:oinstall /u01/app/oraInventory
# chown -R oracle:oinstall /u01/app/oracle
# chown oracle:oinstall /data/oracle/*.dbf
# ls -ld /u01
# chown oracle:oinstall /u01
# chown oracle:oinstall /u01/app
# pwd
/var/tmp/.oracle
# chown oracle:oinstall *
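Verification

SSH service status:
# systemctl status sshd.service

Can the DB read and write normally?
sqlplus / as sysdba <<EOF
alter system switch logfile;
alter system checkpoint;
exit;
EOF

Is the listener working?
lsnrctl status

# init 6
or
# reboot
Reboot to confirm that the system can complete a normal restart!!!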
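
To supplement the checks above, this added example (not part of the original post) compares the reference dump from the healthy machine with a fresh `getfacl -pR /` dump taken on the repaired host, and lists every path whose owner, group, setuid/setgid/sticky flags or ACL entries still differ. A recursive chown clears setuid and setgid bits on executables, which is why the procedure re-adds them with `chmod +s`. The function names and both sample dumps are constructed for illustration, and escaped characters in file names are not decoded.

```python
# Compare two `getfacl -pR /` dumps: reference host vs. repaired host.

def parse_getfacl(text):
    """Map each path to its owner, group, special-bit flags and ACL lines."""
    entries, cur = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("# file: "):
            # getfacl omits the flags line when no special bit is set
            cur = {"owner": None, "group": None, "flags": "---", "acl": []}
            entries[line[8:]] = cur
        elif cur is None or not line:
            continue
        elif line.startswith(("# owner: ", "# group: ", "# flags: ")):
            cur[line[2:7]] = line[9:]  # key is "owner", "group" or "flags"
        elif not line.startswith("#"):
            cur["acl"].append(line)    # user::, group::, other::, named entries
    return entries

def drift(reference, current):
    """Return (path, field, expected, actual) for every remaining difference."""
    findings = []
    for path, ref in sorted(reference.items()):
        now = current.get(path)
        if now is None:  # path does not exist on the repaired host
            continue
        for field in ("owner", "group", "flags", "acl"):
            if ref[field] != now[field]:
                findings.append((path, field, ref[field], now[field]))
    return findings

# Constructed sample dumps (not taken from the hosts in this post).
REFERENCE = """\
# file: /usr/bin/su
# owner: root
# group: root
# flags: s--
user::rwx
group::r-x
other::r-x

# file: /usr/bin/write
# owner: root
# group: tty
# flags: -s-
user::rwx
group::r-x
other::r-x
"""
# Repaired host where su lost its setuid bit and write has the wrong group.
CURRENT = REFERENCE.replace("# flags: s--\n", "").replace("group: tty", "group: root")

if __name__ == "__main__":
    for path, field, want, got in drift(parse_getfacl(REFERENCE), parse_getfacl(CURRENT)):
        print(f"{path}: {field} expected {want!r}, found {got!r}")
```

An empty result means the repaired host matches the reference for every path present in both dumps; application-owned paths such as the Oracle directories only match if the reference machine has the same layout.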