Oracle DBA – A lifelong learning experience

Permissions problem with and tnsnames.ora

Posted by John Hallas on November 5, 2012

There is a Bug documented in MoS regarding the setting of permissions by the script (which calls  This causes the ownership of grid home to be owned by root and permissions given to oinstall group

app/gridsoft/ $ls -ld

drwxr-x---  65 root       oinstall      2048 Feb 27  2012 . 

This causes any user who is not in the oinstall group not  to be able to run any programs such as sqlplus. The bug reference and title is Bug 13789909 : SIHA INSTALL CHANGES THE GRID HOME PERMISSION TO 750 .

The bug is dismissed as being not a problem because nobody should be running executables from the grid home, they should be running from the RDBMS home. A fair point until you consider the location of the tnsnames.ora file.  Any user owning  a dblink needs to access the tnsnames file and even if you link the entry in Grid/network/admin to RDBMS/network/admin the user still does not have access to tnsnames.ora file.

This has only happened in and only on standalone RAC installs. It applies to HPUX and OEL5 s far as I am aware although it was only reported against OEL.  The resolution is easy enough – in our case it would be

chmod 755 /app/gridsoft/

 However I do think oracle should address this as the bug it is and not ignore it.

3 Responses to “Permissions problem with and tnsnames.ora”

  1. nlitchfield said


    A workaround for your problem might be to define database links using SQL*Net connection strings rather than aliases from the tnsnames file. These days I’m leaning much more to centralized naming, but that might be overkill in your case.

    Having said all that I am a bit confused about your exact situation. Wouldn’t the relevant tnsnames be located in the rdbms home unless TNS_ADMIN or similar was in play.

    • John Hallas said

      Thanks Younes and Niall. Using the full name in the db_link rather than using a tnsnames.ora file is a workaround but the easiest solution is just to change the permissions on the directory structure.
      It least it gives any other readers an alternative if that is the way they might want to go

  2. Hi John,

    For DbLinks, I prefer using Easy Naming instead of relying on tnsnames.ora file.

    Create database link dbl using ‘//server:port/service_name’

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: