这个库刚上线 上周我想用oracle用户备份到 asm ，结果报错没权限，我就尝试性的加了个组 asmadmin，我以为把最大的asmadmin加上就行了，还不行，最后备到了了 本地磁盘。
今天来发现 ，rac1  down了，启动的时候  就报权限问题了 。

下面是报错 和 解决；

2016-02-15 15:06:42.478:
[crflogd(36436)]CRS-9520:The storage of Grid Infrastructure Management Repository is 94% full. The storage location is '/u01/app/11.2.0/grid/crf/db/nopaper-28'.
2016-02-15 15:11:47.478:
[crflogd(36436)]CRS-9520:The storage of Grid Infrastructure Management Repository is 94% full. The storage location is '/u01/app/11.2.0/grid/crf/db/nopaper-28'.
2016-02-15 15:16:52.479:
[crflogd(36436)]CRS-9520:The storage of Grid Infrastructure Management Repository is 94% full. The storage location is '/u01/app/11.2.0/grid/crf/db/nopaper-28'.
2016-02-15 15:21:57.478:
[crflogd(36436)]CRS-9520:The storage of Grid Infrastructure Management Repository is 94% full. The storage location is '/u01/app/11.2.0/grid/crf/db/nopaper-28'.
2016-02-15 15:27:02.479:
[crflogd(36436)]CRS-9520:The storage of Grid Infrastructure Management Repository is 94% full. The storage location is '/u01/app/11.2.0/grid/crf/db/nopaper-28'.
2016-02-15 17:30:53.317:
[client(84295)]CRS-10051:CVU found following errors with Clusterware setup : PRVG-1101 : SCAN name "scan-ip" failed to resolve
PRVF-4657 : Name resolution setup check for "scan-ip" (IP address: 10.161.34.192) failed
PRVF-4664 : Found inconsistent name resolution entries for SCAN name "scan-ip"

2016-03-31 17:10:00.540:
[/u01/app/11.2.0/grid/bin/oraagent.bin(30735)]CRS-5011:Check of resource "rac" failed: details at "(:CLSN00007" in "/u01/app/11.2.0/grid/log/nopaper-28/agent/crsd/oraagent_oracle/oraagent_oracle.log"
2016-03-31 17:10:00.548:
[crsd(37384)]CRS-2765:Resource 'ora.rac.db' has failed on server 'nopaper-28'.
2016-03-31 17:10:32.923:
[crsd(37384)]CRS-2878:Failed to restart resource 'ora.rac.db'
2016-03-31 17:10:32.924:
[crsd(37384)]CRS-2769:Unable to failover resource 'ora.rac.db'.

[root@nopaper-28 nopaper-28]# srvctl start instance -d rac -i rac1
PRCR-1013 : Failed to start resource ora.rac.db
PRCR-1064 : Failed to start resource ora.rac.db on node nopaper-28
ORA-01031: insufficient privileges
CRS-5017: The resource action "ora.rac.db start" encountered the following error:
ORA-01031: insufficient privileges
. For details refer to "(:CLSN00107" in "/u01/app/11.2.0/grid/log/nopaper-28/agent/crsd/oraagent_oracle/oraagent_oracle.log".
Disconnected
[oracle@nopaper-28 dbs]$ sqlplus / as sysDBA

SQL*Plus: Release 11.2.0.4.0 Production on Tue Apr 5 17:06:30 2016

Copyright (c) 1982, 2013, Oracle.  All rights reserved.

ERROR:
ORA-01031: insufficient privileges
oracle

SQL*Plus: Release 11.2.0.4.0 Production on Tue Apr 5 16:28:32 2016

Copyright (c) 1982, 2013, Oracle.  All rights reserved.

ERROR:
ORA-27140: attach to post/wait facility failed
ORA-27300: OS system dependent operation:invalid_egid failed with status: 1
ORA-27301: OS failure message: Operation not permitted
ORA-27302: failure occurred at: skgpwinit6
ORA-27303: additional information: startup egid = 1100 (asmadmin), current egid
= 1000 (oinstall)
针对遇到的第一个CRF的问题，是由于CHM(ClusterHealth Monitor)服务未关导致crf文件无限增长导致磁盘空间占满：
我们采用的是如上第一种方法，节点一处理过程如下：
1、  查看ora.crf服务
crsctl stat res ora.crf -init -t
2、  停止ora.crf服务
crsctl stop res ora.crf -init
3、  删除$ORACLE_HOME/crf/db/$HOMENAME/目录中所有的crf*.bdb
4、  查看磁盘空间。
但是奇怪的一点事时间显示的试过去，现在os的空间也是正常的，所以怀疑是之前的空间满过，但是并未重启，/proc句柄没能释放，导致一直存在日志中。
下面的问题：
这是之前的用户权限：
uid=1100(grid) gid=1000(oinstall) groups=1000(oinstall),1200(dba),1100(asmadmin),1300(asmdba),1301(asmoper)
uid=1101(oracle) gid=1000(oinstall) groups=1000(oinstall)
这是修改之后的用户权限：

uid=1100(grid) gid=1000(oinstall) groups=1000(oinstall),1200(dba),1100(asmadmin),1300(asmdba),1301(asmoper)
uid=1100(oracle) gid=1000(oinstall) groups=1000(oinstall),1200(dba),1100(asmadmin),1300(asmdba),1301(asmoper)

然后跑 root.sh 重新赋权

更改oracle文件权限
[oracle@njdyw bin]$ chmod 6751 $ORACLE_HOME/bin/oracle
[oracle@njdyw bin]$ ll oracle
-rwsr-s--x 1 oracle asmadmin 228943067 06-03 13:52 oracle

然后再去启动集群即可。

思考： 如何去修改用户对ASM的访问权限，
1：加上组集 ，一定要加全 一个都不能少，groups=1000(oinstall),1200(dba),1100(asmadmin),1300(asmdba),1301(asmoper)
2：直接修改磁盘的属组
3：DG授权access_control.enable & compatible.rdbms&access_control.unmask   

这个库刚上线 上周我想用oracle用户备份到 asm ，结果报错没权限，我就尝试性的加了个组 asmadmin，我以为把最大的asmadmin加上就行了，还不行，最后备到了了 本地磁盘。
今天来发现 ，rac1  down了，启动的时候  就报权限问题了 。

下面是报错 和 解决；

2016-02-15 15:06:42.478:
[crflogd(36436)]CRS-9520:The storage of Grid Infrastructure Management Repository is 94% full. The storage location is '/u01/app/11.2.0/grid/crf/db/nopaper-28'.
2016-02-15 15:11:47.478:
[crflogd(36436)]CRS-9520:The storage of Grid Infrastructure Management Repository is 94% full. The storage location is '/u01/app/11.2.0/grid/crf/db/nopaper-28'.
2016-02-15 15:16:52.479:
[crflogd(36436)]CRS-9520:The storage of Grid Infrastructure Management Repository is 94% full. The storage location is '/u01/app/11.2.0/grid/crf/db/nopaper-28'.
2016-02-15 15:21:57.478:
[crflogd(36436)]CRS-9520:The storage of Grid Infrastructure Management Repository is 94% full. The storage location is '/u01/app/11.2.0/grid/crf/db/nopaper-28'.
2016-02-15 15:27:02.479:
[crflogd(36436)]CRS-9520:The storage of Grid Infrastructure Management Repository is 94% full. The storage location is '/u01/app/11.2.0/grid/crf/db/nopaper-28'.
2016-02-15 17:30:53.317:
[client(84295)]CRS-10051:CVU found following errors with Clusterware setup : PRVG-1101 : SCAN name "scan-ip" failed to resolve
PRVF-4657 : Name resolution setup check for "scan-ip" (IP address: 10.161.34.192) failed
PRVF-4664 : Found inconsistent name resolution entries for SCAN name "scan-ip"

2016-03-31 17:10:00.540:
[/u01/app/11.2.0/grid/bin/oraagent.bin(30735)]CRS-5011:Check of resource "rac" failed: details at "(:CLSN00007" in "/u01/app/11.2.0/grid/log/nopaper-28/agent/crsd/oraagent_oracle/oraagent_oracle.log"
2016-03-31 17:10:00.548:
[crsd(37384)]CRS-2765:Resource 'ora.rac.db' has failed on server 'nopaper-28'.
2016-03-31 17:10:32.923:
[crsd(37384)]CRS-2878:Failed to restart resource 'ora.rac.db'
2016-03-31 17:10:32.924:
[crsd(37384)]CRS-2769:Unable to failover resource 'ora.rac.db'.

[root@nopaper-28 nopaper-28]# srvctl start instance -d rac -i rac1
PRCR-1013 : Failed to start resource ora.rac.db
PRCR-1064 : Failed to start resource ora.rac.db on node nopaper-28
ORA-01031: insufficient privileges
CRS-5017: The resource action "ora.rac.db start" encountered the following error:
ORA-01031: insufficient privileges
. For details refer to "(:CLSN00107" in "/u01/app/11.2.0/grid/log/nopaper-28/agent/crsd/oraagent_oracle/oraagent_oracle.log".
Disconnected
[oracle@nopaper-28 dbs]$ sqlplus / as sysDBA

SQL*Plus: Release 11.2.0.4.0 Production on Tue Apr 5 17:06:30 2016

Copyright (c) 1982, 2013, Oracle.  All rights reserved.

ERROR:
ORA-01031: insufficient privileges
oracle

SQL*Plus: Release 11.2.0.4.0 Production on Tue Apr 5 16:28:32 2016

Copyright (c) 1982, 2013, Oracle.  All rights reserved.

ERROR:
ORA-27140: attach to post/wait facility failed
ORA-27300: OS system dependent operation:invalid_egid failed with status: 1
ORA-27301: OS failure message: Operation not permitted
ORA-27302: failure occurred at: skgpwinit6
ORA-27303: additional information: startup egid = 1100 (asmadmin), current egid
= 1000 (oinstall)
针对遇到的第一个CRF的问题，是由于CHM(ClusterHealth Monitor)服务未关导致crf文件无限增长导致磁盘空间占满：
我们采用的是如上第一种方法，节点一处理过程如下：
1、  查看ora.crf服务
crsctl stat res ora.crf -init -t
2、  停止ora.crf服务
crsctl stop res ora.crf -init
3、  删除$ORACLE_HOME/crf/db/$HOMENAME/目录中所有的crf*.bdb
4、  查看磁盘空间。
但是奇怪的一点事时间显示的试过去，现在os的空间也是正常的，所以怀疑是之前的空间满过，但是并未重启，/proc句柄没能释放，导致一直存在日志中。
下面的问题：
这是之前的用户权限：
uid=1100(grid) gid=1000(oinstall) groups=1000(oinstall),1200(dba),1100(asmadmin),1300(asmdba),1301(asmoper)
uid=1101(oracle) gid=1000(oinstall) groups=1000(oinstall)
这是修改之后的用户权限：

uid=1100(grid) gid=1000(oinstall) groups=1000(oinstall),1200(dba),1100(asmadmin),1300(asmdba),1301(asmoper)
uid=1100(oracle) gid=1000(oinstall) groups=1000(oinstall),1200(dba),1100(asmadmin),1300(asmdba),1301(asmoper)

然后跑 root.sh 重新赋权

更改oracle文件权限
[oracle@njdyw bin]$ chmod 6751 $ORACLE_HOME/bin/oracle
[oracle@njdyw bin]$ ll oracle
-rwsr-s--x 1 oracle asmadmin 228943067 06-03 13:52 oracle

然后再去启动集群即可。

思考： 如何去修改用户对ASM的访问权限，
1：加上组集 ，一定要加全 一个都不能少，groups=1000(oinstall),1200(dba),1100(asmadmin),1300(asmdba),1301(asmoper)
2：直接修改磁盘的属组
3：DG授权access_control.enable & compatible.rdbms&access_control.unmask