ERROR:
NMO not setuid-root (Unix-only).
2014-09-26 08:48:57,680 [14768:EDA3E961:GC.SysExecutor.23 (NmoHealthTask)] INFO - Job Attributes: {JobID=AgentHealthMonitor:14117357376
80, KeepAliveRequest=false} Job Command: {/u01/app/oracle/product/agent12c/sbin/nmo}
2014-09-26 08:48:57,714 [14768:EDA3E961] WARN - NmoStatus: Unable to verify nmo.
oracle.sysman.gcagent.target.interaction.execution.JobExecutionMgr$AuthenticatedJobExecutionException: ERROR: NMO not setuid-root (Unix-only)
The above error can result with the the below error:
EM Event: Warning:DOYEN.com - Agent has stopped monitoring. The following errors are reported : Read timed out.
Cause 1:
The/root.sh script was not run after the Agent installation. So, the owner of the nmo, nmb and nmo executables is not the root user:
$ cd/sbin
$ ls -ltr nm*
For Example:
$ cd /u03/cloud12c/agent12c/sbin
$ ls -al nm*
-rwxr-xr-x 1 oracle oracle 22754 Feb 11 11:08 nmb
-rwxr-xr-x 1 oracle oracle 57835 Feb 11 11:10 nmhs
-rwxr-xr-x 1 oracle oracle 40478 Jan 31 16:57 nmo
...
The correct permissions should have been set by executing the file/root.sh as root at the Agent installation/deployment time.
Note :
=====
After running the root.sh the following file will be created. Do confirm the same.
/etc/oragchomelist
You should get:
$ ls -al nm*
-rwxr-xr-x 1 root oracle 585242 Jul 6 2013 nmosudo
-rws--x--- 1 root oracle 40007 Jul 6 2013 nmo
-rws--x--- 1 root oracle 57835 Jul 6 2013 nmhs
-rws--x--- 1 root oracle 22754 Jul 6 2013 nmb
-rwxr-xr-x 1 root oracle 43494 Jul 6 2013 nmgsshe
Cause 2 :
The root.sh script may have been run but the mount point for the is set with a 'nosuid' / 'nosetuid' option.
This can be verified by doing the mount command:
mount
or
mount | grep nosuid
and
mount | grep nosetuid
or
check the entries in files: /etc/vfstab, /etc/fstab
The 'nosetuid' option prevents mounted programs that have setuid permission to run with the permissions of their owners, regardless of who starts them. Without this
option, if a program with setuid permission is owned by root, it will run with root permissions, regardless of who starts it.
Sometimes 'nosuid' option is specified to protect the system against setuid programs that may run as root and damage the system.
SOLUTION :
Solution for Cause 1 :
Login to the Cloud Control Agent host as root.
Go to the Cloud Control Agent ORACLE_HOME directory
Example: /u01/app/oracle/product/Middleware/agent/core/12.1.0.1.0
Execute the root.sh script:
# ./root.sh
Log in to the Cloud Control Agent host as the Agent binaries owner (oracle for example)
Check that the permissions are now correct:
$ ls -ltr
....
-rwxr-xr-x 1 root em 585242 Jul 6 2013 nmosudo
-rws--x--- 1 root em 40007 Jul 6 2013 nmo
-rws--x--- 1 root em 57835 Jul 6 2013 nmhs
-rws--x--- 1 root em 22754 Jul 6 2013 nmb
-rwxr-xr-x 1 root em 43494 Jul 6 2013 nmgsshe
Stop and restart the Cloud Control Agent:
Example
$ cd /u01/app/oracle/product/Middleware/agent/core/12.1.0.1.0/bin
$ ./emctl stop agent
$ ./emctl start agent
Solution for Cause 2
If the mount point has nosuid option set, this problem should be corrected by the system administrator of the Unix system:
Backup, edit and save the file /etc/vfstab or /etc/fstab for the mount point where the Agent has been installed and remove the 'nosuid' / 'nosetuid' option.
On AIX operating system edit thefile /etc/filesystems.
(u01 in our example)
Stop and restart the Cloud Control Agent
$ cd $ORACLE_HOME/bin
Example
$ cd /u01/app/oracle/product/Middleware/agent/core/12.1.0.1.0/bin
$ ./emctl stop agent
$ ./emctl start agent
Reference :
========
Fix the Cloud Control Agent 12c error 'ERROR: NMO Not Setuid-root (Unix-only)' (Doc ID 146527)
NMO not setuid-root (Unix-only).
2014-09-26 08:48:57,680 [14768:EDA3E961:GC.SysExecutor.23 (NmoHealthTask)] INFO - Job Attributes: {JobID=AgentHealthMonitor:14117357376
80, KeepAliveRequest=false} Job Command: {/u01/app/oracle/product/agent12c/sbin/nmo}
2014-09-26 08:48:57,714 [14768:EDA3E961] WARN - NmoStatus: Unable to verify nmo.
oracle.sysman.gcagent.target.interaction.execution.JobExecutionMgr$AuthenticatedJobExecutionException: ERROR: NMO not setuid-root (Unix-only)
The above error can result with the the below error:
EM Event: Warning:DOYEN.com - Agent has stopped monitoring. The following errors are reported : Read timed out.
Cause 1:
The
$ cd
$ ls -ltr nm*
For Example:
$ cd /u03/cloud12c/agent12c/sbin
$ ls -al nm*
-rwxr-xr-x 1 oracle oracle 22754 Feb 11 11:08 nmb
-rwxr-xr-x 1 oracle oracle 57835 Feb 11 11:10 nmhs
-rwxr-xr-x 1 oracle oracle 40478 Jan 31 16:57 nmo
...
The correct permissions should have been set by executing the file
Note :
=====
After running the root.sh the following file will be created. Do confirm the same.
/etc/oragchomelist
You should get:
$ ls -al nm*
-rwxr-xr-x 1 root oracle 585242 Jul 6 2013 nmosudo
-rws--x--- 1 root oracle 40007 Jul 6 2013 nmo
-rws--x--- 1 root oracle 57835 Jul 6 2013 nmhs
-rws--x--- 1 root oracle 22754 Jul 6 2013 nmb
-rwxr-xr-x 1 root oracle 43494 Jul 6 2013 nmgsshe
Cause 2 :
The root.sh script may have been run but the mount point for the
This can be verified by doing the mount command:
mount
or
mount | grep nosuid
and
mount | grep nosetuid
or
check the entries in files: /etc/vfstab, /etc/fstab
The 'nosetuid' option prevents mounted programs that have setuid permission to run with the permissions of their owners, regardless of who starts them. Without this
option, if a program with setuid permission is owned by root, it will run with root permissions, regardless of who starts it.
Sometimes 'nosuid' option is specified to protect the system against setuid programs that may run as root and damage the system.
SOLUTION :
Solution for Cause 1 :
Login to the Cloud Control Agent host as root.
Go to the Cloud Control Agent ORACLE_HOME directory
Example: /u01/app/oracle/product/Middleware/agent/core/12.1.0.1.0
Execute the root.sh script:
# ./root.sh
Log in to the Cloud Control Agent host as the Agent binaries owner (oracle for example)
Check that the permissions are now correct:
$ ls -ltr
....
-rwxr-xr-x 1 root em 585242 Jul 6 2013 nmosudo
-rws--x--- 1 root em 40007 Jul 6 2013 nmo
-rws--x--- 1 root em 57835 Jul 6 2013 nmhs
-rws--x--- 1 root em 22754 Jul 6 2013 nmb
-rwxr-xr-x 1 root em 43494 Jul 6 2013 nmgsshe
Stop and restart the Cloud Control Agent:
Example
$ cd /u01/app/oracle/product/Middleware/agent/core/12.1.0.1.0/bin
$ ./emctl stop agent
$ ./emctl start agent
Solution for Cause 2
If the mount point has nosuid option set, this problem should be corrected by the system administrator of the Unix system:
Backup, edit and save the file /etc/vfstab or /etc/fstab for the mount point where the Agent has been installed and remove the 'nosuid' / 'nosetuid' option.
On AIX operating system edit thefile /etc/filesystems.
(u01 in our example)
Stop and restart the Cloud Control Agent
$ cd $ORACLE_HOME/bin
Example
$ cd /u01/app/oracle/product/Middleware/agent/core/12.1.0.1.0/bin
$ ./emctl stop agent
$ ./emctl start agent
Reference :
========
Fix the Cloud Control Agent 12c error 'ERROR: NMO Not Setuid-root (Unix-only)' (Doc ID 146527)
1 comment:
Thanks, in my case I had the problem described as "cause 2". I was tired of always finding only the "cause 1" solution, which didn't work in my case.
Post a Comment