I am trying to run one command as grid user.
Code-1 is not working. Giving permission not available error.
code-2 is working. What is the issue?
Code-1
bash "start ora.cssd" do
code <<-EOH
/u01/app/grid/11.2.0.4/bin/crsctl start resource ora.cssd -init
EOH
user "grid"
end
code-2
bash "start ora.cssd" do
code <<-EOH
sudo su - grid -c "/u01/app/grid/11.2.0.4/bin/crsctl start resource ora.cssd -init"
EOH
end
I am not able to understand why bash is not able to run that command as grid user in code-1 snippet
Exact error log for code-1 snippet:
Recipe: Oracle11G::startGridservices
* execute[start ora.cssd] action run[2015-04-21T14:31:43+00:00] INFO: Processing execute[start ora.cssd] action run (Oracle11G::startGridservices line 4)
================================================================================
Error executing action `run` on resource 'execute[start ora.cssd]'
================================================================================
Errno::EACCES
-------------
Permission denied - /u01/app/grid/11.2.0.4/bin/crsctl start resource ora.cssd -init
========================
i ran the above command with root user and i am not getting permission denied issue.
su -c "/u01/app/grid/11.2.0.4/bin/crsctl start resource ora.cssd -init" grid
CRS-5702: Resource 'ora.cssd' is already running on 'ip-10-10-10-10' CRS-4000: Command Start failed, or completed with errors.
Maybe your problem is that you are forgetting to set the group:
bash "start ora.cssd" do
code <<-EOH
/u01/app/grid/11.2.0.4/bin/crsctl start resource ora.cssd -init
EOH
user "grid"
group "grid"
end
I do not know for sure, but maybe the script is allowed to be run by the grid group, but not specifically by the user grid. Something like the following:
-rwxr-x--- 1 otheruser grid SOMEDATE /u01/app/grid/11.2.0.4/bin/crsctl
I mean, su changes both the user and the group. And that's not the case of your bash resource example, you forgot to set the group.