ASMCMD File Access Control Commands
This topic provides a summary of the ASMCMD Oracle ASM File Access Control commands.
For information about Oracle ASM File Access Control, see Managing Oracle ASM File Access Control for Disk Groups.
When administering users with ASMCMD, the users must be existing operating system users and their user names must have corresponding operating system user IDs. However, only users in the same cluster as the Oracle ASM instance can be validated.
Note:
When modifying ownership of files, the previous owner of a file cannot be dropped while the file is still open even after the ownership of the file has changed.
Table 10-94 lists the ASMCMD Oracle ASM File Access Control commands with brief descriptions.
Table 10-94 Summary of ASMCMD file access control commands
Command | Description |
---|---|
chgrp | Changes the user group of a file or list of files. |
chmod | Changes permissions of a file or list of files. |
chown | Changes the owner of a file or list of files. |
groups | Lists the user groups to which a user belongs. |
grpmod | Adds or removes users from an existing user group. |
lsgrp | Lists user groups. |
lsusr | Lists users in a disk group. |
mkgrp | Creates a new user group. |
mkusr | Adds a user to a disk group. |
passwd | Changes the password of a user. |
rmgrp | Deletes a user group. |
rmusr | Deletes a user from a disk group. |
rpusr | Replaces one user with another in a disk group. |
chgrp
Purpose
Changes the user group of a file or list of files.
Syntax and Description
chgrp usergroup file [file ...]
Table 10-95 lists the syntax options for the chgrp command.
Table 10-95 Options for the chgrp command
Option | Description |
---|---|
usergroup | Name of the user group. |
file | Name of a file. |
Only the file owner or the Oracle ASM administrator can use this command. If the user is the file owner, then the user must also be either the owner or a member of the group for this command to succeed.
This command accepts a file name or multiple file names separated by spaces.
If you change the user group settings of an open file, then the operation currently running on the file completes using the old user group settings. The new settings take effect when re-authentication is required.
Examples
The following are examples of the chgrp command that change the Oracle ASM user group of the specified files.
Example 10-97 Using the ASMCMD chgrp command
ASMCMD [+] > chgrp asm_data +data/orcl/controlfile/Current.260.684924747
ASMCMD [+fra/orcl/archivelog/flashback] > chgrp asm_fra log_7.264.684968167 log_8.265.684972027
chmod
Purpose
Changes permissions of a file or list of files.
Syntax and Description
chmod mode file [file ...]
mode can be one of the following forms:
- { ugo | ug | uo | go | u | g | o | a } { + | - } { r | w | rw }
  a specifies permissions for all users, u specifies permissions for the owner of the file, g specifies the group permissions, and o specifies permissions for other users.
- { 0 | 4 | 6 } { 0 | 4 | 6 } { 0 | 4 | 6 }
  The first digit specifies owner permissions, the second digit specifies group permissions, and the third digit specifies other permissions.
Table 10-96 lists the syntax options for the chmod command.
Table 10-96 Options for the chmod command
Option | Description |
---|---|
6 | Read write permissions |
4 | Read only permissions |
0 | No permissions |
u | Owner permissions, used with |
g | Group permissions, used with |
o | Other user permissions, used with |
a | All user permissions, used with |
+ | Add a permission, used with |
- | Removes a permission, used with |
r | Read permission |
w | Write permission |
file | Name of a file |
This command accepts a file name or multiple file names separated by spaces.
You can only set file permissions to read-write, read-only, and no permissions. You cannot set file permissions to write-only.
If you change the permission settings of an open file, then the operation currently running on the file completes using the old permission settings. The new settings take effect when re-authentication is required.
To view the permissions on a file, use the ASMCMD ls command with the --permission option. See "ls".
Examples
The following are examples of the chmod command that change the permissions of the specified files.
Example 10-98 Using the ASMCMD chmod command
ASMCMD [+fra/orcl/archivelog/flashback] > chmod ug+rw log_7.264.684968167 log_8.265.684972027
ASMCMD [+fra/orcl/archivelog/flashback] > chmod 640 log_7.264.684968167 log_8.265.684972027
ASMCMD [+] > ls --permission +fra/orcl/archivelog/flashback
User  Group    Permission  Name
grid  asm_fra  rw-r-----   log_7.264.684968167
grid  asm_fra  rw-r-----   log_8.265.684972027
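The following audit of ls --permission output against a baseline mode is an added illustration and is not part of the Oracle documentation. The function names, the 640 baseline, the constructed sample rows, and the reading of a blank Group column as "no user group" are assumptions.

```python
import re

# Constructed sample in the column layout of Example 10-98. The last two rows
# are made up, and the blank Group column is an assumed rendering of a file
# that has no valid user group.
SAMPLE = """\
User     Group    Permission  Name
grid     asm_fra  rw-r-----   log_7.264.684968167
grid     asm_fra  rw-r-----   log_8.265.684972027
oracle1  asm_fra  rw-rw-r--   log_9.264.687650269
oracle2           rw-------   log_10.266.687650301
"""

PERM = re.compile(r"^[rw-]{9}$")
DIGIT = {"---": 0, "r--": 4, "rw-": 6}  # the only settings chmod accepts


def to_digits(perm):
    """'rw-r-----' -> (6, 4, 0) for owner, group, other."""
    return tuple(DIGIT[perm[i:i + 3]] for i in (0, 3, 6))


def audit(listing, baseline="640"):
    """Return (file, finding) pairs for rows looser than `baseline`."""
    limit = tuple(int(d) for d in baseline)
    findings = []
    for line in listing.splitlines():
        cols = line.split()
        idx = next((i for i, c in enumerate(cols) if PERM.match(c)), None)
        if idx is None or idx + 1 >= len(cols):
            continue  # header, blank line, or row without a file name
        perm, name = cols[idx], cols[idx + 1]
        try:
            mode = to_digits(perm)
        except KeyError:  # e.g. a write-only triad, which chmod cannot set
            findings.append((name, "unexpected permission string " + perm))
            continue
        for who, have, allowed in zip(("owner", "group", "other"), mode, limit):
            if have > allowed:
                findings.append((name, f"{who} has {have}, baseline allows {allowed}"))
        if idx < 2:
            findings.append((name, "no user group"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

Because only 0, 4, and 6 are valid digits, comparing each digit with the baseline is the same as checking that the file grants no more than the baseline allows.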
chown
Purpose
Changes the owner of a file or list of files.
Syntax and Description
chown user[:usergroup] file [file ...]
Table 10-97 lists the syntax options for the chown command.
Table 10-97 Options for the chown command
Option | Description |
---|---|
user | The name of the user that becomes the new owner. |
usergroup | Name of the user group to which the user belongs. |
file | Name of a file. |
user typically refers to the user that owns the database instance home. Oracle ASM File Access Control uses the operating system (OS) name to identify a database.
This command accepts a file name or multiple file names separated by spaces.
If you change the ownership settings of an open file, then the following applies:
- The operation currently running on the file completes using the old ownership and user group settings. The new settings take effect when re-authentication is required.
- The new owner of the file cannot be dropped from the disk group until all instances in a cluster are restarted in a rolling manner.
Only the Oracle ASM administrator can use this command.
Examples
The following are examples of the chown command that change the owner of the specified files to the oracle1 operating system user.
Example 10-99 Using the ASMCMD chown command
ASMCMD [+fra/orcl/archivelog/flashback] > chown oracle1 log_7.264.684968167 log_8.265.684972027
ASMCMD [+fra/orcl/archivelog/flashback] > chown oracle1:asm_fra log_9.264.687650269
groups
Purpose
Lists all the user groups to which the specified user belongs.
Syntax and Description
groups diskgroup user
Table 10-98 lists the syntax options for the groups command.
Table 10-98 Options for the groups command
Option | Description |
---|---|
diskgroup | Name of the disk group to which the user belongs. |
user | Name of the user. |
Examples
The following is an example of the groups command that displays the user groups of the data disk group to which the oracle1 user belongs.
Example 10-100 Using the ASMCMD groups command
ASMCMD [+] > groups data oracle1
asm_data
grpmod
Purpose
Adds or removes operating system (OS) users to and from an existing Oracle ASM user group.
Syntax and Description
grpmod { --add | --delete } diskgroup usergroup user [user...]
Table 10-99 lists the syntax options for the grpmod command.
Table 10-99 Options for the grpmod command
Option | Description |
---|---|
--add | Specifies to add users to the user group. |
--delete | Specifies to delete users from the user group. |
diskgroup | Name of the disk group to which the user group belongs. |
usergroup | Name of the user group. |
user | Name of the user to add or remove from the user group. |
Only the owner of the user group can use this command. The command requires the SYSASM privilege to run.
This command accepts an operating system user name or multiple user names separated by spaces. The operating system users are typically owners of a database instance home.
Examples
The following are examples of the grpmod command. The first example adds the oracle1 and oracle2 users to the asm_fra user group of the fra disk group. The second example removes the oracle2 user from the asm_data user group of the data disk group.
Example 10-101 Using the ASMCMD grpmod command
ASMCMD [+] > grpmod --add fra asm_fra oracle1 oracle2
ASMCMD [+] > grpmod --delete data asm_data oracle2
lsgrp
Purpose
Lists all Oracle ASM user groups or only groups that match a specified pattern.
Syntax and Description
lsgrp [--suppressheader][-a] [ -G diskgroup ] [ pattern ]
Table 10-100 lists the syntax options for the lsgrp command.
Table 10-100 Options for the lsgrp command
Option | Description |
---|---|
--suppressheader | Suppresses column headings. |
-a | Lists all columns. |
-G diskgroup | Limits the results to the specified disk group name. |
pattern | Displays the user groups that match the pattern expression. |
Examples
The following are examples of the lsgrp command. The first example displays a subset of information about the user groups whose name matches the asm% pattern. The second example displays all information about all the user groups.
Example 10-102 Using the ASMCMD lsgrp command
ASMCMD [+] > lsgrp asm%
DG_Name  Grp_Name  Owner
FRA      asm_fra   grid
DATA     asm_data  grid
ASMCMD [+] > lsgrp -a
DG_Name  Grp_Name  Owner  Members
FRA      asm_fra   grid   oracle1
DATA     asm_data  grid   oracle1 oracle2
lsusr
Purpose
Lists Oracle ASM users in a disk group.
Syntax and Description
lsusr [--suppressheader][-a] [-G diskgroup ] [ pattern ]
Table 10-101 lists the syntax options for the lsusr command.
Table 10-101 Options for the lsusr command
Option | Description |
---|---|
-a | List all users and the disk groups to which the users belong. |
--suppressheader | Suppresses column headings. |
-G diskgroup | Limits the results to the specified disk group name. |
pattern | Displays the users that match the pattern expression. |
Examples
The following is an example of the lsusr command. The example lists users in the data disk group and also shows the operating system ID assigned to the user.
Example 10-103 Using the ASMCMD lsusr command
ASMCMD [+] > lsusr -G data
User_Num  OS_ID  OS_Name
3         1001   grid
1         1021   oracle1
2         1022   oracle2
mkgrp
Purpose
Creates a new Oracle ASM user group.
Syntax and Description
mkgrp diskgroup usergroup [user] [user...]
Table 10-102 lists the syntax options for the mkgrp command.
Table 10-102 Options for the mkgrp command
Option | Description |
---|---|
diskgroup | Name of the disk group to which the user group is added. |
usergroup | Name of the user group to add. 30 is the maximum number of characters. |
user | Name of the database user to add to the user group. |
You can optionally specify a list of users to be included as members of the new user group.
Examples
The following is an example of the mkgrp command. This example creates the asm_data user group in the data disk group and adds the oracle1 and oracle2 users to the user group.
Example 10-104 Using the ASMCMD mkgrp command
ASMCMD [+] > mkgrp data asm_data oracle1 oracle2
mkusr
Purpose
Adds an operating system (OS) user to a disk group.
Syntax and Description
mkusr diskgroup user
Table 10-103 lists the syntax options for the mkusr command.
Table 10-103 Options for the mkusr command
Option | Description |
---|---|
diskgroup | Specifies the name of the disk group to which the user is to be added. |
user | Name of the user to add. |
The user to be added must be a valid operating system user. Only a user authenticated as SYSASM can run this command.
Examples
The following are examples of the mkusr command. The first example adds the oracle1 user to the data disk group. The second example adds the oracle2 user to the fra disk group.
Example 10-105 Using the ASMCMD mkusr command
ASMCMD [+] > mkusr data oracle1
ASMCMD [+] > mkusr fra oracle2
passwd
Purpose
Changes the password of a user.
Syntax and Description
passwd user
Table 10-104 lists the syntax options for the passwd command.
Table 10-104 Options for the passwd command
Option | Description |
---|---|
user | Name of the user. |
An error is raised if the user does not exist in the Oracle ASM password file. The user is first prompted for the current password, then the new password. The command requires the SYSASM privilege to run.
Examples
The following is an example of the passwd command that changes the password of the oracle2 user.
Example 10-106 Using the ASMCMD passwd command
ASMCMD [+] > passwd oracle2
Enter old password (optional):
Enter new password: ******
rmgrp
Purpose
Removes a user group from a disk group.
Syntax and Description
rmgrp diskgroup usergroup
Table 10-105 lists the syntax options for the rmgrp command.
Table 10-105 Options for the rmgrp command
Option | Description |
---|---|
diskgroup | Name of the disk group to which the user group belongs. |
usergroup | Name of the user group to delete. |
Removing a group might leave some files without a valid user group. To ensure that those files have a valid group, explicitly update those files to a valid user group. See "chgrp".
The command must be run by the owner of the user group and also requires the SYSASM privilege to run.
Examples
The following is an example of the rmgrp command that removes the asm_data user group from the data disk group.
Example 10-107 Using the ASMCMD rmgrp command
ASMCMD [+] > rmgrp data asm_data
rmusr
Purpose
Deletes an operating system (OS) user from a disk group.
Syntax and Description
rmusr [-r] diskgroup user
Table 10-106 lists the syntax options for the rmusr command.
Table 10-106 Options for the rmusr command
Option | Description |
---|---|
-r | Removes all files in the disk group that the user owns at the same time that the user is removed. |
diskgroup | Specifies the name of the disk group from which the user is to be deleted. |
user | Name of the user to delete. |
The command requires the SYSASM privilege to run.
Examples
The following is an example of the rmusr command that removes the oracle2 user from the data disk group.
Example 10-108 Using the ASMCMD rmusr command
ASMCMD [+] > rmusr data oracle2
rpusr
Purpose
Replaces one operating system (OS) user with another in a disk group.
Syntax and Description
rpusr diskgroup user1 user2
Table 10-107 lists the syntax options for the rpusr command.
Table 10-107 Options for the rpusr command
Option | Description |
---|---|
diskgroup | Specifies the name of the disk group. |
user1 | Name of the user to be replaced. |
user2 | Name of the user that replaces the existing user in the disk group. |
The rpusr command replaces one operating system user with another in an Oracle ASM disk group. The replacement user must not be a user currently in the disk group user list.
If the command succeeds, all files that were previously owned by the current user are now owned by the replacement user. The current user is automatically removed from the user list of the disk group. Adding the current user back to the disk group is possible, but this user will not own any files.
When changing the ownership of an open file, the new owner cannot be dropped with the owner's files until all instances within a cluster are restarted.
The command requires the SYSASM privilege to run.
Examples
The following is an example of the rpusr command that replaces the oracle1 user with the oracle2 user in the data disk group.
Example 10-109 Using the ASMCMD rpusr command
ASMCMD [+] > rpusr data oracle1 oracle2