APPLIES TO: Enterprise Manager Base Platform - Version 10.1.0.2 to 11.1.0.1 [Release 10.1 to 11.1] Generic UNIX SYMPTOMS: The Grid Control Management Agent has been installed in a Unix machine. Trying to perform some operations against any target monitored by this Agent from the Grid Control results in the error: ERROR: NMO not setuid-root (Unix-only). Examples of operations that can result in the above error: - Running a Job against this host : this can be OS Command, SQLPlus Script etc - Setting / Testing Preferred Credentials for this host - Configuring the database backup settings for a database on this host. - Trying to Clone an ORACLE_HOME, running the Patching Wizard / Deployment procedure against targets in this host. - Executing a User-Defined Metric against target in this host, - ... In summary, any operation which requires the Agent to login to the host and perform an activity may result in the above error. Example of error messages: Setting Host Credentials fails: the following error is recorded in the file emosm.trc located in the OMS $ORACLE_HOME/sysman/log directory: 2012-03-13 13:45:18,253 [559::EMUI_13_45_18_/console/pref/setCredentials$targetType=host] DEBUG emSDK.comm printXml.4424 - <EMDResponse> <RemoteOperationRes> <RemoteOperationError ERRMSG="ERROR: NMO not setuid-root (Unix-only)" ERRID="61"/> </RemoteOperationRes> </EMDResponse> CAUSE: 1. The <AGENT_HOME>/root.sh script was not run after the Agent installation. Check the permissions and ownership of the nmo and nmb executable in the <AGENT_HOME>/bin directory: $ cd <AGENT_HOME>/bin $ ls -al nmo $ ls -al nmb - For a 10G Agent, the output should be: -rwsr-s--- 1 root dba 22465 Apr 13 17:53 nmo -rwsr-s--- 1 root dba 18055 Apr 13 17:53 nmb - For a 11G Agent, the output should be: -rws--x--- 1 root oinstall 17190 Apr 28 23:13 nmb -rws--x--- 1 root oinstall 25123 Apr 28 23:13 nmo There may be more chances of hitting this issue when an 'Agent Push' installation has been performed from the Grid Control. When using this method, there is an option to run or NOT run the root.sh as part of the installation. If unticked, the user will have to ensure that the root.sh script is manually executed on the target machine, without fail, after the Agent installation. 2. The root.sh script may have been run but the mount point for the <AGENT_HOME> is set with a 'nosuid' / 'nosetuid' option. This can be verified by doing the mount command: mount or mount | grep nosuid and mount | grep nosetuid or check the entries in files: /etc/vfstab, /etc/fstab The 'nosetuid' option prevents mounted programs that have setuid permission to run with the permissions of their owners, regardless of who starts them. Without this option, if a program with setuid permission is owned by root, it will run with root permissions, regardless of who starts it. Sometimes 'nosuid' option is specified to protect the system against setuid programs that may run as root and damage the system. SOLUTION: 1. Stop the Agent: $ cd <AGENT_HOME>/bin $ emctl stop agent 2. To set the correct permissions: a) Run <AGENT_HOME>/root.sh , logged in as the root user. OR Change the permissions of the above executables manually: - Login as the root user: - Execute: For a 10G Agent: # cd <AGENT_HOME>/bin # chown root $ORACLE_HOME/bin/nmo # chmod 6750 $ORACLE_HOME/bin/nmo # chown root $ORACLE_HOME/bin/nmb # chmod 6750 $ORACLE_HOME/bin/nmb For a 11G Agent: # cd <AGENT_HOME>/bin # chown root $ORACLE_HOME/bin/nmo # chmod 4710 $ORACLE_HOME/bin/nmo # chown root $ORACLE_HOME/bin/nmb # chmod 4710 $ORACLE_HOME/bin/nmb Note: It is recommended to fix this issue by running the <AGENT_HOME>/root.sh script, rather than manually modifying the permissions. The root.sh script makes lot more changes which are needed for ensuring that the Agent is correctly configured on the Unix machine. b) If the mount point has nosuid option set, this problem should be corrected by the system administrator of the Unix system: - Edit the /etc/vfstab or /etc/fstab for the mount point where Agent has been installed and remove the 'nosuid' / 'nosetuid' option. On AIX operating system the /etc/filesystems is used configuring details about the mounting of local and remote file systems. - Save the file. - Restart the Agent on this machine and re-try the operation from the Console. Please contact your OS administrator if you need more assistance for the above. 3. Re-start the agent: $ cd <AGENT_HOME>/bin $ emctl start agent 4. Re-try the operation from the Grid Console. Note: In addition to nmo and nmb executables, the nmhs executable should also be owned by root and have the following permissions: - For a 10.2 Agent(nmhs did not exist in 10.1 Agent version): -rwsr-x--- 1 root oracle 46003 Jun 10 10:16 nmhs - For a 11g Agent: -rws--x--- 1 root oinstall 47287 Apr 28 23:13 nmhs
Recent Posts
