从Oracle存储过程运行系统命令
[英]run system command from Oracle stored procedure
问题描述
I am trying to run the following command: 
我正在尝试运行以下命令:
select os_command.exec('/bin/mkdir /home/smucha/testdir_ora3') from dual;
/
This works fine when I am logged in as SYS . 当我以SYS身份登录时,这可以正常工作。
When I try to run is as a user SEBA I get the following error: 当我尝试以用户SEBA身份运行时,出现以下错误:
ORA-29532: java.security.AccessControlException: the Permission (java.io.FilePermission /bin/mkdir execute) has not been granted to SEBA. The PL/SQL to grant this is dbms_java.grant_permission( 'SEBA', 'SYS:java.io.FilePermission', '/bin/mkdir', 'execute' )
ORA-06512: at "SEBA.OS_COMMAND", line 68
29532. 00000 - "Java call terminated by uncaught Java exception: %s"
*Cause: A Java exception or error was signaled and could not be
resolved by the Java code.
*Action: Modify Java code, if this behavior is not intended.
I have tried to grant the required permission using SYS account. 我试图使用SYS帐户授予所需的权限。
After executing the following code: 执行以下代码后:
call dbms_java.grant_permission( 'SEBA',
'SYS:java.io.FilePermission', '/bin/mkdir', 'execute' );
I get: 我得到:
dbms_java.grant_permission 'SEBA', succeeded.
However, when I try to execute the command: 但是,当我尝试执行命令时:
select os_command.exec('/bin/mkdir /home/smucha/testdir_ora3') from dual;
/
I get the same error as before. 我收到与以前相同的错误。
Can you please advise what do I need to do to run os commands? 您能告诉我我需要做什么来运行os命令吗?
Everything works when I am connected as SYS , so it looks like user SEBA has some permission problems. 当我以SYS身份连接时,一切正常,因此看来SEBA用户存在一些权限问题。
I just do not know which permissions to grant? 我只是不知道要授予哪些权限?
1 个解决方案
解决方案1
0 2017-01-30 06:43:06
I just want to share my experience , stored procedures won't accept the ddl privileges provided via the role.So the privilege which you are trying to give to user seba is via role then it is not valid.Example if you are having role which having privilege create table and if you assign this role to seba,seba can't create the table via stored procedure.So we have to give grant create any table to seba directly or you have to use authid current user while creating stored procedure.So please check whether you are giving direct privilege to seba or via role in this case. 我只是想分享一下我的经验,存储过程将不接受通过角色提供的ddl特权,因此您试图赋予用户seba的特权是通过角色进行的,那么它是无效的。具有创建表的特权,并且如果您将此角色分配给seba,则seba无法通过存储过程创建表。因此,我们必须直接授予Grant创建任何表到seba,否则您在创建存储过程时必须使用当前的authid。在这种情况下,请检查您是授予seba直接权限还是通过角色授予权限。
check seba is having create any directory privilege if not then provide grant create any directory to seba and ensure seba got privilge from select * from dba_directories; 检查seba是否具有创建任何目录特权的权限,然后提供授权给seba创建任何目录,并确保seba从dba_directories的select *中获得特权;
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.