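OS environment: Oracle Linux 7.5 (64-bit)
DB environment: Oracle Database 19.3.0.0
Method: problems that occur in Oracle 19c when /etc/hosts permissions are insufficient
This post looks at how an Oracle DB is affected when the /etc/hosts file has insufficient permissions as a result of security hardening.
Three tests were run:
Test 1. Listener on port 1521 (dynamic listener)
Test 2. Listener on port 1522 with local_listener registered (dynamic listener)
Test 3. Listener on port 1523 without local_listener registered (static listener)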
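Test 1. Listener on port 1521 (dynamic listener)
Check the existing /etc/hosts file permissions
```
$ ls -al /etc/hosts
-rw-r--r--. 1 root root 182 Aug 12 19:27 /etc/hosts
```
The file has 644 permissions (the owner can read and write; group members and other users can only read).
The permissions are currently set normally.
Check the existing DB and listener status (listener on the default port 1521, local_listener parameter not used)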
```
Check listener status
$ lsnrctl status

LSNRCTL for Linux: Version 19.0.0.0.0 - Production on 18-SEP-2020 10:27:45

Copyright (c) 1991, 2019, Oracle. All rights reserved.

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=oracle19)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias                     LISTENER
Version                   TNSLSNR for Linux: Version 19.0.0.0.0 - Production
Start Date                18-SEP-2020 10:23:35
Uptime                    0 days 0 hr. 4 min. 9 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /app/oracle/product/19c/network/admin/listener.ora
Listener Log File         /app/oracle/diag/tnslsnr/oracle19/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=oracle19)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
Services Summary...
Service "orcl19" has 1 instance(s).
  Instance "orcl19", status READY, has 1 handler(s) for this service...
Service "orcl19XDB" has 1 instance(s).
  Instance "orcl19", status READY, has 1 handler(s) for this service...
The command completed successfully

Check DB status
$ sqlplus / as sysdba

SQL*Plus: Release 19.0.0.0.0 - Production on Fri Sep 18 10:27:51 2020
Version 19.3.0.0.0

Copyright (c) 1982, 2019, Oracle. All rights reserved.

Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.3.0.0.0

SQL> select instance_name, status, version from v$instance;

INSTANCE_NAME    STATUS       VERSION
---------------- ------------ -----------------
orcl19           OPEN         19.0.0.0.0

Check the local_listener parameter
SQL> show parameter local_listener

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
local_listener                       string
```
Confirm that the existing DB and listener restart
```
Shut down the DB
SQL> shutdown immediate
Database closed.
Database dismounted.
ORACLE instance shut down.

Start the DB
SQL> startup
ORACLE instance started.

Total System Global Area 2516581464 bytes
Fixed Size                  8899672 bytes
Variable Size             553648128 bytes
Database Buffers         1946157056 bytes
Redo Buffers                7876608 bytes
Database mounted.
Database opened.

Stop the listener
$ lsnrctl stop

LSNRCTL for Linux: Version 19.0.0.0.0 - Production on 18-SEP-2020 10:31:25

Copyright (c) 1991, 2019, Oracle. All rights reserved.

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=oracle19)(PORT=1521)))
The command completed successfully

Start the listener
$ lsnrctl start

LSNRCTL for Linux: Version 19.0.0.0.0 - Production on 18-SEP-2020 10:31:28

Copyright (c) 1991, 2019, Oracle. All rights reserved.

Starting /app/oracle/product/19c/bin/tnslsnr: please wait...

TNSLSNR for Linux: Version 19.0.0.0.0 - Production
System parameter file is /app/oracle/product/19c/network/admin/listener.ora
Log messages written to /app/oracle/diag/tnslsnr/oracle19/listener/alert/log.xml
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=oracle19)(PORT=1521)))
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=oracle19)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias                     LISTENER
Version                   TNSLSNR for Linux: Version 19.0.0.0.0 - Production
Start Date                18-SEP-2020 10:31:28
Uptime                    0 days 0 hr. 0 min. 0 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /app/oracle/product/19c/network/admin/listener.ora
Listener Log File         /app/oracle/diag/tnslsnr/oracle19/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=oracle19)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
The listener supports no services
The command completed successfully
```
The DB and listener also restart without any problems.
Change the /etc/hosts file permissions
```
# chmod 600 /etc/hosts
# ls -al /etc/hosts
-rw-------. 1 root root 182 Aug 12 19:27 /etc/hosts
```
Changed to 600 (the owner can read and write; group members and other users cannot even read).
Immediately after the permission change
Nothing unusual in the alert log or listener.log
```
$ tail -f /app/oracle/diag/rdbms/orcl19/orcl19/trace/alert_orcl19.log
No issues

$ tail -f /app/oracle/diag/tnslsnr/oracle19/listener/trace/listener.log
No issues
```
Stop the DB and listener
```
Stop the listener
$ lsnrctl stop

LSNRCTL for Linux: Version 19.0.0.0.0 - Production on 18-SEP-2020 11:58:04

Copyright (c) 1991, 2019, Oracle. All rights reserved.

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=oracle19)(PORT=1521)))
The command completed successfully

Shut down the DB
SQL> shutdown immediate
Database closed.
Database dismounted.
ORACLE instance shut down.
```
Both stopped normally.
Start the listener and DB
```
Start the listener
$ lsnrctl start

LSNRCTL for Linux: Version 19.0.0.0.0 - Production on 18-SEP-2020 12:00:02

Copyright (c) 1991, 2019, Oracle. All rights reserved.

Starting /app/oracle/product/19c/bin/tnslsnr: please wait...

TNSLSNR for Linux: Version 19.0.0.0.0 - Production
System parameter file is /app/oracle/product/19c/network/admin/listener.ora
Log messages written to /app/oracle/diag/tnslsnr/oracle19/listener/alert/log.xml
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=oracle19)(PORT=1521)))
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=oracle19)(PORT=1521)))
STATUS of the LISTENER
------------------------
Alias                     LISTENER
Version                   TNSLSNR for Linux: Version 19.0.0.0.0 - Production
Start Date                18-SEP-2020 12:00:02
Uptime                    0 days 0 hr. 0 min. 0 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /app/oracle/product/19c/network/admin/listener.ora
Listener Log File         /app/oracle/diag/tnslsnr/oracle19/listener/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=oracle19)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
The listener supports no services
The command completed successfully

Start the DB
SQL> startup
ORACLE instance started.

Total System Global Area 2516581464 bytes
Fixed Size                  8899672 bytes
Variable Size             553648128 bytes
Database Buffers         1946157056 bytes
Redo Buffers                7876608 bytes
Database mounted.
Database opened.
```
Nothing unusual in the alert log or listener.log at startup either.
Connection test from another server
```
tnsnames.ora on the other server
$ cat tnsnames.ora
# tnsnames.ora Network Configuration File: /app/oracle/product/19c/network/admin/tnsnames.ora
# Generated by Oracle configuration tools.

ORCL19 =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.10.240)(PORT = 1521))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = orcl19)
    )
  )

tnsping from the other server to the original server
$ tnsping orcl19

TNS Ping Utility for Linux: Version 19.0.0.0.0 - Production on 18-SEP-2020 12:08:45

Copyright (c) 1997, 2020, Oracle. All rights reserved.

Used parameter files:

Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.10.240)(PORT = 1521)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = orcl19)))
OK (0 msec)

sqlplus connection test from the other server to the original server
$ sqlplus system/oracle@orcl19

SQL*Plus: Release 19.0.0.0.0 - Production on Fri Sep 18 12:10:28 2020
Version 19.8.0.0.0

Copyright (c) 1982, 2020, Oracle. All rights reserved.

Last Successful login time: Fri Sep 18 2020 12:08:52 +09:00

Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.3.0.0.0

SQL> select host_name from v$instance;

HOST_NAME
----------------------------------------------------------------
oracle19
```
The connection works normally.
Test 2. Listener on port 1522 with local_listener registered (dynamic listener)
For this test, stop the listener on the original port and shut down the DB
```
$ lsnrctl stop
Log omitted

SQL> shutdown immediate
Log omitted
```
Start the dynamic listener on port 1522 and the DB, then apply the local_listener parameter
```
Check the listener.ora file
$ cat /app/oracle/product/19c/network/admin/listener.ora
LISTENER2 =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = oracle19)(PORT = 1522))
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1522))
    )
  )

Check the tnsnames.ora file
$ cat /app/oracle/product/19c/network/admin/tnsnames.ora
ORCL19_L2 =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = oracle19)(PORT = 1522))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = orcl19)
    )
  )

Start the 1522 listener
$ lsnrctl start listener2

LSNRCTL for Linux: Version 19.0.0.0.0 - Production on 18-SEP-2020 12:19:37

Copyright (c) 1991, 2019, Oracle. All rights reserved.

Starting /app/oracle/product/19c/bin/tnslsnr: please wait...

TNSLSNR for Linux: Version 19.0.0.0.0 - Production
System parameter file is /app/oracle/product/19c/network/admin/listener.ora
Log messages written to /app/oracle/diag/tnslsnr/oracle19/listener2/alert/log.xml
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=oracle19)(PORT=1522)))
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1522)))

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=oracle19)(PORT=1522)))
STATUS of the LISTENER
------------------------
Alias                     listener2
Version                   TNSLSNR for Linux: Version 19.0.0.0.0 - Production
Start Date                18-SEP-2020 12:19:37
Uptime                    0 days 0 hr. 0 min. 0 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /app/oracle/product/19c/network/admin/listener.ora
Listener Log File         /app/oracle/diag/tnslsnr/oracle19/listener2/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=oracle19)(PORT=1522)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1522)))
The listener supports no services
The command completed successfully

Start the DB
SQL> startup
ORACLE instance started.

Total System Global Area 2516581464 bytes
Fixed Size                  8899672 bytes
Variable Size             553648128 bytes
Database Buffers         1946157056 bytes
Redo Buffers                7876608 bytes
Database mounted.
Database opened.

Set the local_listener parameter
SQL> alter system set local_listener='ORCL19_L2';

System altered.

Check the local_listener parameter
SQL> show parameter local_listener

NAME                                 TYPE        VALUE
------------------------------------ ----------- ------------------------------
local_listener                       string      ORCL19_L2
```
Nothing unusual in the alert log or listener.log at startup either.
Check listener status
```
$ lsnrctl status listener2

LSNRCTL for Linux: Version 19.0.0.0.0 - Production on 18-SEP-2020 12:23:39

Copyright (c) 1991, 2019, Oracle. All rights reserved.

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=oracle19)(PORT=1522)))
STATUS of the LISTENER
------------------------
Alias                     listener2
Version                   TNSLSNR for Linux: Version 19.0.0.0.0 - Production
Start Date                18-SEP-2020 12:19:37
Uptime                    0 days 0 hr. 4 min. 1 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /app/oracle/product/19c/network/admin/listener.ora
Listener Log File         /app/oracle/diag/tnslsnr/oracle19/listener2/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=oracle19)(PORT=1522)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1522)))
Services Summary...
Service "orcl19" has 1 instance(s).
  Instance "orcl19", status READY, has 1 handler(s) for this service...
Service "orcl19XDB" has 1 instance(s).
  Instance "orcl19", status READY, has 1 handler(s) for this service...
The command completed successfully
```
Connection test from another server
```
tnsnames.ora on the other server
$ cat tnsnames.ora
# tnsnames.ora Network Configuration File: /app/oracle/product/19c/network/admin/tnsnames.ora
# Generated by Oracle configuration tools.

ORCL19_L2 =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.10.240)(PORT = 1522))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = orcl19)
    )
  )

tnsping from the other server to the original server
$ tnsping orcl19_l2

TNS Ping Utility for Linux: Version 19.0.0.0.0 - Production on 18-SEP-2020 12:25:01

Copyright (c) 1997, 2020, Oracle. All rights reserved.

Used parameter files:

Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.10.240)(PORT = 1522)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = orcl19)))
OK (10 msec)

sqlplus connection test from the other server to the original server
$ sqlplus system/oracle@orcl19_l2

SQL*Plus: Release 19.0.0.0.0 - Production on Fri Sep 18 12:25:17 2020
Version 19.8.0.0.0

Copyright (c) 1982, 2020, Oracle. All rights reserved.

Last Successful login time: Fri Sep 18 2020 12:10:29 +09:00

Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.3.0.0.0

SQL> select host_name from v$instance;

HOST_NAME
----------------------------------------------------------------
oracle19
```
The connection works normally.
Test 3. Listener on port 1523 without local_listener registered (static listener)
For this test, stop the listener on port 1522, clear the local_listener parameter value, and then shut down the DB
```
$ lsnrctl stop listener2
Log omitted

SQL> alter system set local_listener='';

System altered.

SQL> shutdown immediate
Log omitted
```
Start the static listener on port 1523 and the DB
```
Check the listener.ora file
$ cat /app/oracle/product/19c/network/admin/listener.ora
LISTENER3 =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = oracle19)(PORT = 1523))
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1523))
    )
  )

SID_LIST_LISTENER3 =
  (SID_LIST =
    (SID_DESC =
      (ORACLE_HOME = /app/oracle/product/19c)
      (SID_NAME = orcl19)
    )
  )

Check the tnsnames.ora file
$ cat /app/oracle/product/19c/network/admin/tnsnames.ora
ORCL19_L3 =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = oracle19)(PORT = 1523))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = orcl19)
    )
  )

Start the 1523 listener
$ lsnrctl start listener3

LSNRCTL for Linux: Version 19.0.0.0.0 - Production on 18-SEP-2020 12:33:58

Copyright (c) 1991, 2019, Oracle. All rights reserved.

Starting /app/oracle/product/19c/bin/tnslsnr: please wait...

TNSLSNR for Linux: Version 19.0.0.0.0 - Production
System parameter file is /app/oracle/product/19c/network/admin/listener.ora
Log messages written to /app/oracle/diag/tnslsnr/oracle19/listener3/alert/log.xml
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=oracle19)(PORT=1523)))
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1523)))

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(HOST=oracle19)(PORT=1523)))
STATUS of the LISTENER
------------------------
Alias                     listener3
Version                   TNSLSNR for Linux: Version 19.0.0.0.0 - Production
Start Date                18-SEP-2020 12:33:58
Uptime                    0 days 0 hr. 0 min. 0 sec
Trace Level               off
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /app/oracle/product/19c/network/admin/listener.ora
Listener Log File         /app/oracle/diag/tnslsnr/oracle19/listener3/alert/log.xml
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=oracle19)(PORT=1523)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1523)))
Services Summary...
Service "orcl19" has 1 instance(s).
  Instance "orcl19", status UNKNOWN, has 1 handler(s) for this service...
The command completed successfully

Start the DB
SQL> startup
ORACLE instance started.

Total System Global Area 2516581464 bytes
Fixed Size                  8899672 bytes
Variable Size             553648128 bytes
Database Buffers         1946157056 bytes
Redo Buffers                7876608 bytes
Database mounted.
Database opened.
```
Nothing unusual in the alert log or listener.log at startup either.
Connection test from another server
```
tnsnames.ora on the other server
$ cat /app/oracle/product/19c/network/admin/tnsnames.ora
# tnsnames.ora Network Configuration File: /app/oracle/product/19c/network/admin/tnsnames.ora
# Generated by Oracle configuration tools.

ORCL19_L3 =
  (DESCRIPTION =
    (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.10.240)(PORT = 1523))
    (CONNECT_DATA =
      (SERVER = DEDICATED)
      (SERVICE_NAME = orcl19)
    )
  )

tnsping from the other server to the original server
$ tnsping orcl19_l3

TNS Ping Utility for Linux: Version 19.0.0.0.0 - Production on 18-SEP-2020 12:40:59

Copyright (c) 1997, 2020, Oracle. All rights reserved.

Used parameter files:

Used TNSNAMES adapter to resolve the alias
Attempting to contact (DESCRIPTION = (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.10.240)(PORT = 1523)) (CONNECT_DATA = (SERVER = DEDICATED) (SERVICE_NAME = orcl19)))
OK (0 msec)

sqlplus connection test from the other server to the original server
$ sqlplus system/oracle@orcl19_l3

SQL*Plus: Release 19.0.0.0.0 - Production on Fri Sep 18 12:41:09 2020
Version 19.8.0.0.0

Copyright (c) 1982, 2020, Oracle. All rights reserved.

Last Successful login time: Fri Sep 18 2020 12:25:18 +09:00

Connected to:
Oracle Database 19c Enterprise Edition Release 19.0.0.0.0 - Production
Version 19.3.0.0.0

SQL> select host_name from v$instance;

HOST_NAME
----------------------------------------------------------------
oracle19
```
The connection works normally.
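Conclusion
Connections to the Oracle DB work normally even when /etc/hosts has insufficient permissions.
Even though connections work, setting /etc/hosts to 600 may cause problems later in Oracle DB operation,
so it should be kept at 644.
Why does the connection still work?
Up to Linux 6, pinging the local server (your own server) looks up the hostname in /etc/hosts.
So for a user without permission on /etc/hosts, a ping attempt produces the message [ ping: unknown host ].
From Linux 7 onward, however, ping succeeds normally even for a user without permission on /etc/hosts.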
For the Oracle listener, when the HOST = part of the listener.ora file is written as a hostname rather than an IP address,
```
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = oracle19)(PORT = 1521))
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
    )
  )
```
as far as I know the listener looks up the hostname in the /etc/hosts file when it starts.
On Linux 7, however, when the /etc/hosts file cannot be read, it appears to consult some other file to find the hostname.
On Linux 6, the listener also fails to start when the /etc/hosts file cannot be read.
See: Oracle 11g R2 problems caused by insufficient /etc/hosts permissions https://positivemh.tistory.com/663
Ping test against the local hostname on Linux 6 after setting /etc/hosts to 600
```
Check the contents of /etc/hosts
# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.0.30 ORACLE11

Check the /etc/hosts permissions
# ls -al /etc/hosts
-rw-------. 1 root root 181 Oct 15 2019 /etc/hosts

ping as a user with permission
# ping oracle11
PING ORACLE11 (192.168.0.30) 56(84) bytes of data.
64 bytes from ORACLE11 (192.168.0.30): icmp_seq=1 ttl=64 time=0.274 ms
64 bytes from ORACLE11 (192.168.0.30): icmp_seq=2 ttl=64 time=0.035 ms
64 bytes from ORACLE11 (192.168.0.30): icmp_seq=3 ttl=64 time=0.041 ms
64 bytes from ORACLE11 (192.168.0.30): icmp_seq=4 ttl=64 time=0.034 ms

ping as a user without permission
$ ping oracle11
ping: unknown host oracle11
```
The ping fails for the user without permission.
Ping test against the local hostname on Linux 7 after setting /etc/hosts to 600
```
Check the contents of /etc/hosts
# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.10.240 oracle19

Check the /etc/hosts permissions
# ls -al /etc/hosts
-rw-------. 1 root root 182 Aug 12 19:27 /etc/hosts

ping as a user with permission
# ping oracle19
PING oracle19 (192.168.10.240) 56(84) bytes of data.
64 bytes from oracle19 (192.168.10.240): icmp_seq=1 ttl=64 time=0.045 ms
64 bytes from oracle19 (192.168.10.240): icmp_seq=2 ttl=64 time=0.044 ms
64 bytes from oracle19 (192.168.10.240): icmp_seq=3 ttl=64 time=0.044 ms
64 bytes from oracle19 (192.168.10.240): icmp_seq=4 ttl=64 time=0.044 ms

ping as a user without permission
$ ping oracle19
PING oracle19 (192.168.10.240) 56(84) bytes of data.
64 bytes from oracle19 (192.168.10.240): icmp_seq=1 ttl=64 time=0.037 ms
64 bytes from oracle19 (192.168.10.240): icmp_seq=2 ttl=64 time=0.065 ms
64 bytes from oracle19 (192.168.10.240): icmp_seq=3 ttl=64 time=0.056 ms
64 bytes from oracle19 (192.168.10.240): icmp_seq=4 ttl=64 time=0.056 ms
```
The ping succeeds even for the user without permission on /etc/hosts.
I expected that the /etc/hostname file was being read instead,
so I changed that file's permissions to 600 as well and tested again, but the result was the same.
```
$ ls -al /etc/hostname
-rw-------. 1 root root 9 Aug 12 19:27 /etc/hostname
```
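The manual checks in this post can be scripted; the following is an added example, not code from the original post. It extracts the HOST values from a listener.ora, checks whether /etc/hosts is readable by other users, prints the `hosts:` sources from /etc/nsswitch.conf, and tests each host name with getent as the calling user. The script name check_hosts.sh and the non-root listener account are assumptions.

```sh
#!/bin/sh
# Added example, not from the original post. Run it as the account that owns
# the listener (assumed here to be a non-root user such as "oracle").

# Constructed sample: the listener.ora entry quoted in the post.
sample_listener_ora() {
    cat <<'EOF'
LISTENER =
  (DESCRIPTION_LIST =
    (DESCRIPTION =
      (ADDRESS = (PROTOCOL = TCP)(HOST = oracle19)(PORT = 1521))
      (ADDRESS = (PROTOCOL = IPC)(KEY = EXTPROC1521))
    )
  )
EOF
}

# Print each distinct HOST value in a listener.ora-style file.
listener_hosts() {
    grep -v '^[[:space:]]*#' "$1" | tr '()' '\n\n' |
        sed -n 's/^[[:space:]]*[Hh][Oo][Ss][Tt][[:space:]]*=[[:space:]]*\([^[:space:]]*\)[[:space:]]*$/\1/p' |
        sort -u
}

# Succeed only if the "other" read bit is set on the file (644 yes, 600 no).
world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Print the sources listed on the "hosts:" line of an nsswitch.conf file.
nss_host_sources() {
    awk '$1 == "hosts:" { $1 = ""; sub(/^ +/, ""); print }' \
        "${1:-/etc/nsswitch.conf}" 2>/dev/null
}

# Report on the hosts file mode and on each listener HOST as the current user.
audit() {
    listener_ora=$1
    hosts_file=${2:-/etc/hosts}
    rc=0
    if ! world_readable "$hosts_file"; then
        echo "WARN $hosts_file is not readable by other users (the post advises 644)"
        rc=1
    fi
    echo "INFO hosts lookup sources: $(nss_host_sources)"
    for h in $(listener_hosts "$listener_ora"); do
        if getent hosts "$h" >/dev/null 2>&1; then
            echo "OK   $h resolves for user $(id -un)"
        else
            echo "FAIL $h does not resolve for user $(id -un)"
            rc=1
        fi
    done
    return "$rc"
}

# Usage: sh check_hosts.sh /app/oracle/product/19c/network/admin/listener.ora
if [ "$#" -gt 0 ]; then
    audit "$@"
fi
```

Run it before and after a permission change and compare the output. A `hosts:` line that lists sources besides `files` means a name can still resolve when /etc/hosts is unreadable.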
References:
Oracle 11gR2 problems caused by insufficient /etc/hosts permissions (Oracle Linux 6) https://positivemh.tistory.com/663
https://m.blog.naver.com/renucs/221038877657