you are a new oracle dba and you would like to install a 32bit version of extproc in a 64bit Oracle 11GR2 installation.Below oracle metalink document explains this.
How to install 32-bit extproc on 64-bit environment in 11g R2. [ID 884703.1] | ||
Modified 26-JAN-2011 Type HOWTO Status PUBLISHED |
In this Document
Goal
Solution
Applies to:
Oracle Server – Enterprise Edition – Version: 11.2.0.0 to 11.2.0.2 – Release: 11.2 to 11.2
Information in this document applies to any platform.
Goal
Starting with 11.2.0.1.0 you will find that the extproc32 (32-bit version of extproc) is missing from the 11GR2 installation. In earlier releases you can find the 32-bit version of extproc32 along with 64-bit extproc.
This is changed in 11.2.0.1.0 onwards for all the platforms. If you are looking to use 32-bit extproc in 64-bit installation you should use the following method to install extproc32.
Solution
The 32-bit client, along with any 32-bit client side binaries, are no longer shipped with the server version of the 64-bit platforms starting with 11gR2.
We are shipping a separately installable 32-bit client that you can install on any of the 64-bit platforms.
For example, to install the 32-bit Linux version of extproc on 64-bit Linux, you can install it from the 32-bit Linux client CD. (Same holds true for HPI, AIX, etc.) The 32bit client will need a separate ORACLE_HOME from the 64bit server installation.
For extproc, you can choose client => custom, and then select the Database Utilities option.
This will give you extproc.
However, if you deinstall the Server Home, the client Home will be deinstalled as well.
How To Run Extproc Agent Under A Less Privileged Account [ID 1204853.1]
——————————————————————————–
Modified 16-SEP-2010 Type HOWTO Status PUBLISHED
In this Document
Goal
Solution
References
——————————————————————————–
Applies to:
Oracle Server – Enterprise Edition – Version: 11.1.0.7 and later [Release: 11.1 and later ]
Information in this document applies to any platform.
Goal
How to run extproc agent under a less privileged account.
Solution
By default the extproc agent is spawned directly by Oracle. The following steps can be used to run the extproc agent as another user:
1) Create a new user as root:
useradd -g users -d “/home/marc” -s /usr/bin/ksh marc
$id marc
uid=109(marc) gid=20(users)
2) Create a new Oracle user on the database and then as this new user create a test package:
create user test identified by manager;
grant create session to test;
grant create library to test;
grant resource to test;
conect test/manager
create or replace library mishell_lib is ‘/tmp/shell.so’;
CREATE OR REPLACE PACKAGE BD_UTIL as
FUNCTION shell_ejecucion(comando in char) return pls_integer;
END;
CREATE OR REPLACE PACKAGE BODY BD_UTIL is
FUNCTION shell_ejecucion(comando in char) return pls_integer
as language C
name “shell”
library mishell_lib
parameters (comando string,return int);
END bd_util;
declare
retorno binary_integer;
begin
retorno := bd_util.shell_ejecucion(‘/usr/bin/date > /tmp/test.txt’);
dbms_output.put_line(retorno);
end;
$ ll /tmp/test.txt
-rw-r–r– 1 oracle dba 32 Aug 19 14:46 /tmp/test.txt
rac1:/home/oracle$ cat /tmp/test.txt
Thu Aug 19 14:46:23 METDST 2010
3) Change the ownership and the permissions of the extproc executable
$cd $ORACLE_HOME/bin
$cp -p extproc extproc.test.2
$chown marc:users extproc
$chmod u+s extproc
$chmod g+s extproc
$chmod 751 extproc
s -ltr extproc
-rwxr-x–x 1 marc users 74216 Jan 12 2010 extproc
$rm /tmp/test.txt
4) Test the execution :
sqlplus test/manager
declare
retorno binary_integer;
begin
retorno := bd_util.shell_ejecucion(‘/usr/bin/date > /tmp/test.txt’);
dbms_output.put_line(retorno);
end;
/
5) Check the user used to run the external procedure(look for the owner of the file):
$ ll /tmp/test.txt
-rw-r–r– 1 marc users 32 Aug 19 15:00 /tmp/test.txt
rac1:/home/oracle$ cat /tmp/test.txt
Thu Aug 19 15:00:50 METDST 2010
References
BUG:10049161 – ORA-28575 ON LINUX 32BIT WITH EXTPROC USING OTHERS USERS AND GROUP
NOTE:1011995.6 – COMMON ORACLE PERMISSION PROBLEMS ON UNIX
NOTE:1016249.102 – OPERATING SYSTEM PERMISSION DENIED ERROR ACCESSING THE DATABASE
NOTE:1109144.1 – How to execute both 32-bit and 64-bit External Procedures within the same 11.2 database
NOTE:1136408.1 – Master Note For PL/SQL External Procedures
EXTPROC: How to Run External Procedures as a Non-oracle User [ID 1018659.102] | ||
Modified 21-SEP-2010 Type HOWTO Status PUBLISHED |
Introduction
————
A PLSQL external procedure callout runs by default as the ‘oracle’ user. Some
view this as a potential security risk as a malicious C program could overwrite
any file owned by the ‘oracle’ user, including data and control files.
How to Run External Procedures as a Non-oracle User
—————————————————
Here are the steps:
1. Create a separate listener for the extproc process.
(refer to note:70638.1, Section “Listener Configuration Issues” for details)
2. Modify the following binaries such that the ‘S’ bit is not set. These are
located in your $ORACLE_HOME/bin directory. For example,
-rwsr-s–x tnslsnr* –> chmod 755 tnslsnr
-rwxr-x–x extproc* –> this one is OK
-rwsr-s–x lsnrctl* –> chmod 755 lsnrctl
3. Modify the listener log file entry inside your listener.ora file to point to
a directory accessible to the new user. For example,
log_directory_callout_listener=/my_home_dir
Note that the above example assumes the external procedure listener name is
‘callout_listener’. If you selected a different name, use it instead.
4. Log in as the new user and re-start the extproc listener. For example,
lsnrctl start callout_listener
Explanation
———–
When the ‘S’ bit is set, the listener process being started will inherit
OS permissions of the owner of the binary, regardless of who starts the
process. When the ‘S’ bit is unset, the process will start assuming the OS
privileges and ownership of the user who just started the process.
Caution
——-
You must be aware of who you are (at the UNIX level) when you start listeners
on your database. You NEVER want to start the DATABASE listener as a non-oracle
user; only start your extproc listener as a non-oracle user.