How could an unprivileged user kill a process she did not start?

6

I stumbled onto something very surprising that I am unable to understand on a Red Hat EL 5.6 box: the user hri (who is in the group dba) is able to kill processes owned by the user oracle (who is also in the group dba).

Is someone able to explain what could allow an unprivileged user to kill another user's processes? Even if the Oracle process had been written to handle signals, I think processes could not trap SIGKILL (9).

Below is a session log that shows this.

OracleServer:/home/hri> export ORACLE_SID=HRIXXXDW

OracleServer:/home/hri> sqlplus / as sysdba

SQL*Plus: Release 10.2.0.5.0 - Production on Thu Dec 12 17:30:56 2013

Copyright (c) 1982, 2010, Oracle.  All Rights Reserved.

Connected to an idle instance.

SQL> startup
ORA-09925: Unable to create audit trail file
Linux-x86_64 Error: 13: Permission denied
Additional information: 9925
SQL> Disconnected

OracleServer:/home/hri> ps auxf | grep HRIXXX
hri      28295  0.0  0.0  61164   676 pts/9    S+   17:31   0:00                  \_ grep HRIXXX
oracle   28263  0.0  0.0 759668 17384 ?        Ss   17:31   0:00 ora_pmon_HRIXXXDW
oracle   28265  0.0  0.0 758488 16576 ?        Ss   17:31   0:00 ora_psp0_HRIXXXDW
oracle   28267  0.1  0.0 758488 23948 ?        Ss   17:31   0:00 ora_mman_HRIXXXDW
oracle   28269  0.0  0.0 760968 19308 ?        Ss   17:31   0:00 ora_dbw0_HRIXXXDW
oracle   28271  0.0  0.0 760960 19284 ?        Ss   17:31   0:00 ora_dbw1_HRIXXXDW
oracle   28273  0.0  0.0 758488 16656 ?        Ss   17:31   0:00 ora_lgwr_HRIXXXDW
oracle   28275  0.0  0.0 758492 19092 ?        Ss   17:31   0:00 ora_ckpt_HRIXXXDW
oracle   28277  0.0  0.0 758488 16596 ?        Ss   17:31   0:00 ora_smon_HRIXXXDW
oracle   28279  0.0  0.0 758488 16588 ?        Ss   17:31   0:00 ora_reco_HRIXXXDW
oracle   28281  0.0  0.0 758488 16772 ?        Ss   17:31   0:00 ora_mmon_HRIXXXDW
oracle   28283  0.0  0.0 758488 16612 ?        Ss   17:31   0:00 ora_mmnl_HRIXXXDW

OracleServer:/home/hri> /bin/kill -9 28263

OracleServer:/home/hri> ps auxf | grep HRIXXX
hri      28309  0.0  0.0  61164   676 pts/9    S+   17:31   0:00                  \_ grep HRIXXX
oracle   28265  0.0  0.0 758488 16584 ?        Ss   17:31   0:00 ora_psp0_HRIXXXDW
oracle   28267  0.0  0.0 758488 23948 ?        Ss   17:31   0:00 ora_mman_HRIXXXDW
oracle   28269  0.0  0.0 760968 19316 ?        Ss   17:31   0:00 ora_dbw0_HRIXXXDW
oracle   28271  0.0  0.0 760960 19284 ?        Ss   17:31   0:00 ora_dbw1_HRIXXXDW
oracle   28273  0.0  0.0 758488 16656 ?        Ss   17:31   0:00 ora_lgwr_HRIXXXDW
oracle   28275  0.0  0.0 758492 19096 ?        Ss   17:31   0:00 ora_ckpt_HRIXXXDW
oracle   28277  0.0  0.0 758488 16596 ?        Ss   17:31   0:00 ora_smon_HRIXXXDW
oracle   28279  0.0  0.0 758488 16588 ?        Ss   17:31   0:00 ora_reco_HRIXXXDW
oracle   28281  0.0  0.0 758488 16772 ?        Ss   17:31   0:00 ora_mmon_HRIXXXDW
oracle   28283  0.0  0.0 758488 16620 ?        Ss   17:31   0:00 ora_mmnl_HRIXXXDW

OracleServer:/home/hri> ps auxf | grep HRIXXX
hri      28435  0.0  0.0  61164   676 pts/9    S+   17:32   0:00                  \_ grep HRIXXX

Below are a kill -15, then a kill -9, with strace:

OracleServer:/home/hri> ps auxf | grep HRIXXX
hri      26278  0.0  0.0  61164   676 pts/9    S+   17:16   0:00                  \_ grep HRIXXX
oracle   12412  0.0  0.0 759660 19724 ?        Ss   16:10   0:00 ora_pmon_HRIXXXDW
oracle   12414  0.0  0.0 758484 16608 ?        Ss   16:10   0:00 ora_psp0_HRIXXXDW
oracle   12416  0.0  0.0 758484 23992 ?        Ss   16:10   0:00 ora_mman_HRIXXXDW
oracle   12418  0.0  0.0 760980 19352 ?        Ss   16:10   0:00 ora_dbw0_HRIXXXDW
oracle   12420  0.0  0.0 760968 19316 ?        Ss   16:10   0:00 ora_dbw1_HRIXXXDW
oracle   12422  0.0  0.0 758484 16700 ?        Ss   16:10   0:00 ora_lgwr_HRIXXXDW
oracle   12424  0.0  0.0 758504 19152 ?        Ss   16:10   0:00 ora_ckpt_HRIXXXDW
oracle   12426  0.0  0.0 758484 16708 ?        Ss   16:10   0:00 ora_smon_HRIXXXDW
oracle   12428  0.0  0.0 758484 16616 ?        Ss   16:10   0:00 ora_reco_HRIXXXDW
oracle   12430  0.0  0.0 758484 16812 ?        Ss   16:10   0:00 ora_mmon_HRIXXXDW
oracle   12432  0.0  0.0 758484 16644 ?        Ss   16:10   0:00 ora_mmnl_HRIXXXDW

OracleServer:/home/hri> strace kill 12414
execve("/bin/kill", ["kill", "12414"], [/* 32 vars */]) = 0
brk(0)                                  = 0xe36e000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2b25c7756000
uname({sys="Linux", node="OracleServer", ...})  = 0
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=101954, ...}) = 0
mmap(NULL, 101954, PROT_READ, MAP_PRIVATE, 3, 0) = 0x2b25c7757000
close(3)                                = 0
open("/lib64/libc.so.6", O_RDONLY)      = 3
read(3, "\177ELF"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1722304, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2b25c7770000
mmap(0x3bc2c00000, 3502424, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x3bc2c00000
mprotect(0x3bc2d4e000, 2097152, PROT_NONE) = 0
mmap(0x3bc2f4e000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x14e000) = 0x3bc2f4e000
mmap(0x3bc2f53000, 16728, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3bc2f53000
close(3)                                = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2b25c7771000
arch_prctl(ARCH_SET_FS, 0x2b25c7771260) = 0
mprotect(0x3bc2f4e000, 16384, PROT_READ) = 0
mprotect(0x3bc2a1b000, 4096, PROT_READ)  = 0
munmap(0x2b25c7757000, 101954)          = 0
brk(0)                                  = 0xe36e000
brk(0xe38f000)                          = 0xe38f000
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=56450560, ...}) = 0
mmap(NULL, 56450560, PROT_READ, MAP_PRIVATE, 3, 0) = 0x2b25c7772000
close(3)                                = 0
kill(12414, SIGTERM)                    = 0
exit_group(0)                           = ?

OracleServer:/home/hri> ps auxf | grep HRIXXX
hri      26328  0.0  0.0  61164   676 pts/9    S+   17:16   0:00                  \_ grep HRIXXX
oracle   12412  0.0  0.0 759660 19724 ?        Ss   16:10   0:00 ora_pmon_HRIXXXDW
oracle   12414  0.0  0.0 758484 16608 ?        Ss   16:10   0:00 ora_psp0_HRIXXXDW
oracle   12416  0.0  0.0 758484 23992 ?        Ss   16:10   0:00 ora_mman_HRIXXXDW
oracle   12418  0.0  0.0 760980 19352 ?        Ss   16:10   0:00 ora_dbw0_HRIXXXDW
oracle   12420  0.0  0.0 760968 19316 ?        Ss   16:10   0:00 ora_dbw1_HRIXXXDW
oracle   12422  0.0  0.0 758484 16700 ?        Ss   16:10   0:00 ora_lgwr_HRIXXXDW
oracle   12424  0.0  0.0 758504 19152 ?        Ss   16:10   0:00 ora_ckpt_HRIXXXDW
oracle   12426  0.0  0.0 758484 16708 ?        Ss   16:10   0:00 ora_smon_HRIXXXDW
oracle   12428  0.0  0.0 758484 16616 ?        Ss   16:10   0:00 ora_reco_HRIXXXDW
oracle   12430  0.0  0.0 758484 16812 ?        Ss   16:10   0:00 ora_mmon_HRIXXXDW
oracle   12432  0.0  0.0 758484 16644 ?        Ss   16:10   0:00 ora_mmnl_HRIXXXDW

OracleServer:/home/hri> strace kill -9 12414
execve("/bin/kill", ["kill", "-9", "12414"], [/* 32 vars */]) = 0
brk(0)                                  = 0x1b155000
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ac77c2e4000
uname({sys="Linux", node="OracleServer", ...})  = 0
access("/etc/ld.so.preload", R_OK)      = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=101954, ...}) = 0
mmap(NULL, 101954, PROT_READ, MAP_PRIVATE, 3, 0) = 0x2ac77c2e5000
close(3)                                = 0
open("/lib64/libc.so.6", O_RDONLY)      = 3
read(3, "\177ELF"..., 832) = 832
fstat(3, {st_mode=S_IFREG|0755, st_size=1722304, ...}) = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ac77c2fe000
mmap(0x3bc2c00000, 3502424, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x3bc2c00000
mprotect(0x3bc2d4e000, 2097152, PROT_NONE) = 0
mmap(0x3bc2f4e000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x14e000) = 0x3bc2f4e000
mmap(0x3bc2f53000, 16728, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3bc2f53000
close(3)                                = 0
mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2ac77c2ff000
arch_prctl(ARCH_SET_FS, 0x2ac77c2ff260) = 0
mprotect(0x3bc2f4e000, 16384, PROT_READ) = 0
mprotect(0x3bc2a1b000, 4096, PROT_READ)  = 0
munmap(0x2ac77c2e5000, 101954)          = 0
brk(0)                                  = 0x1b155000
brk(0x1b176000)                         = 0x1b176000
open("/usr/lib/locale/locale-archive", O_RDONLY) = 3
fstat(3, {st_mode=S_IFREG|0644, st_size=56450560, ...}) = 0
mmap(NULL, 56450560, PROT_READ, MAP_PRIVATE, 3, 0) = 0x2ac77c300000
close(3)                                = 0
kill(12414, SIGKILL)                    = 0
exit_group(0)                           = ?

OracleServer:/home/hri> ps auxf | grep HRIXXX
hri      26380  0.0  0.0  61164   676 pts/9    S+   17:17   0:00                  \_ grep HRIXXX

Now, some information about the users and the operating system:

OracleServer:/home/hri> uname -a
Linux OracleServer 2.6.18-186.el5 #1 SMP Wed Jan 27 18:11:22 EST 2010 x86_64 x86_64 x86_64 GNU/Linux

OracleServer:/home/hri> cat /etc/redhat-release
Red Hat Enterprise Linux Server release 5.6 (Tikanga)

OracleServer:/home/hri> id
uid=20314(hri) gid=20175(hri) groups=20001(dba),20175(hri)

OracleServer:/home/hri> id oracle
uid=20001(oracle) gid=20001(dba) groups=20001(dba),20000(xxxxx),20768(xxxxx),20329(xxxxx),20767(xxxxx),20930(xxxxx),20271(xxxxx),20316(xxxxx)

OracleServer:/home/hri> alias kill
bash: alias: kill: not found

OracleServer:/home/hri> type kill
kill is a shell builtin

OracleServer:/home/hri> which kill
/bin/kill

OracleServer:/home/hri> l /bin/kill
-rwxr-xr-x 1 root root 14864 Sep 22  2010 /bin/kill

OracleServer:/home/hri> file /bin/kill
/bin/kill: ELF 64-bit LSB executable, AMD x86-64, version 1 (SYSV), for GNU/Linux 2.6.9, dynamically linked (uses shared libs), for GNU/Linux 2.6.9, stripped

Edit, thanks to jjlin's comment:

It is the user hri who started the $ORACLE_SID (this is what is shown in the first session log posted).

Permissions on the oracle binary showed suid and sgid set.

OracleServer:/home/hri> l /oracle/product/10.2.0.5/bin/oracle
-rwsr-s--x 1 oracle dba 116208733 Jul  1 09:29 /oracle/product/10.2.0.5/bin/oracle

And indeed, the Uid line of /proc/*/status shows that the real UID is 20314 (which is the ID of the user hri) while the effective UID is 20001 (which is oracle).

OracleServer:/home/hri> ps auxf | grep HRIXXX | grep 9609
oracle    9609  0.0  0.0 759668 19692 ?        Ss   08:41   0:00 ora_pmon_HRIXXXDW

OracleServer:/home/hri> grep [UG]id: /proc/9609/status
Uid:    20314   20001   20001   20001
Gid:    20175   20001   20001   20001

So it has to be that: Oracle runs its System ID (SID) subprocesses with the Real UID of the database owner, while the Effective UID is Oracle's.

Thanks!

by Mathieu MD 12.12.2013 / 22:55

1 answer

3

Oracle runs its SID subprocesses with the Real UID of the database owner (hri here), while the Effective UID is Oracle's (oracle). That is why hri was able to kill what were actually his own processes.

You can use ps axf -O ruid,ruser,euid,euser to display the RUID and the EUID side by side.

by 13.12.2013 / 19:43
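
Added example (not part of the original question or answer): the Linux kill(2) permission rule applied to the four-field Uid line of /proc/<pid>/status, plus an audit pass that lists processes whose real and effective UID differ, as the setuid oracle processes above do. The names Creds, may_signal, split_identity and audit_proc and the UID 20999 are hypothetical; the sample status text is constructed from the Uid/Gid lines shown in the question.

```python
"""Why `ps aux` (effective user) can mislead about who may signal a process."""
import os
from collections import namedtuple

# Field order of the Uid: line in /proc/<pid>/status: real, effective, saved set, filesystem.
Creds = namedtuple("Creds", "real effective saved fs")

def parse_uid_line(status_text):
    """Return the four UIDs from the 'Uid:' line of a /proc/<pid>/status file."""
    for line in status_text.splitlines():
        if line.startswith("Uid:"):
            return Creds(*(int(x) for x in line.split()[1:5]))
    raise ValueError("no Uid: line found")

def may_signal(sender, target, cap_kill=False):
    """kill(2) on Linux: without CAP_KILL, the sender's real or effective UID
    must equal the target's real or saved set-user-ID."""
    if cap_kill:
        return True
    return bool({sender.real, sender.effective} & {target.real, target.saved})

def split_identity(target):
    """True when real and effective UID differ (typical after exec of a setuid binary)."""
    return target.real != target.effective

def audit_proc(proc_root="/proc"):
    """Return [(pid, Creds)] for processes whose real and effective UID differ."""
    findings = []
    for entry in sorted(os.listdir(proc_root)):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "status")) as fh:
                creds = parse_uid_line(fh.read())
        except (OSError, ValueError):
            continue  # process exited meanwhile, or status is unreadable
        if split_identity(creds):
            findings.append((int(entry), creds))
    return findings

# Constructed sample based on the question's output for ora_pmon (PID 9609).
SAMPLE_STATUS = (
    "Name:\toracle\n"
    "Uid:\t20314\t20001\t20001\t20001\n"
    "Gid:\t20175\t20001\t20001\t20001\n"
)
HRI = Creds(20314, 20314, 20314, 20314)         # login shell of user hri
ORACLE = Creds(20001, 20001, 20001, 20001)      # login shell of user oracle
OTHER = Creds(20999, 20999, 20999, 20999)       # hypothetical unrelated user

if __name__ == "__main__":
    pmon = parse_uid_line(SAMPLE_STATUS)
    for name, who in (("hri", HRI), ("oracle", ORACLE), ("other", OTHER)):
        print(f"{name:7s} may signal ora_pmon: {may_signal(who, pmon)}")
    if os.path.isdir("/proc"):
        for pid, creds in audit_proc():
            print(pid, creds)
```

Here hri matches through the target's real UID and oracle through its saved set-user-ID, while the unrelated user is refused.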