Solaris 11 /proc permission denied

permissions solaris-11

I have a Solaris 11.1 server running an Oracle database. I want to read the environment of a running oracle process, as the oracle user, like this:

$ id
uid=100(oracle) gid=100(oinstall)
$ ps -fuoracle | grep pmon
oracle  1651     1   0 10:25:37 ?           0:01 ora_pmon_TESTDB
$ pargs -e 1651
pargs: cannot examine 1651: permission denied
$ ls -ld /proc/1651
dr-x--x--x   5 oracle   oinstall     864 Nov 23 10:25 /proc/1651

How can I grant permissions for oracle to read processes that it already owns?

To answer Iain's question, the files under the PID directory have varied permissions, but are all still owned by oracle:oinstall, like this:

dr-x------   2 oracle   oinstall      32 Nov 23 10:25 contracts
-r--------   1 oracle   oinstall      36 Nov 23 10:25 cred
--w-------   1 oracle   oinstall       0 Nov 23 10:25 ctl
lr-x------   1 oracle   oinstall       0 Nov 23 10:25 cwd ->
dr-x------   2 oracle   oinstall     528 Nov 23 10:25 fd
-r--------   1 oracle   oinstall       0 Nov 23 10:25 ldt
-r--r--r--   1 oracle   oinstall     120 Nov 23 10:25 lpsinfo
-r--------   1 oracle   oinstall     816 Nov 23 10:25 lstatus
-r--r--r--   1 oracle   oinstall     536 Nov 23 10:25 lusage
dr-xr-xr-x   3 oracle   oinstall      64 Nov 23 10:25 lwp
-r--------   1 oracle   oinstall    9504 Nov 23 10:30 map
dr-x------   2 oracle   oinstall    1824 Nov 23 10:25 object
-r--------   1 oracle   oinstall  258800 Nov 23 10:25 pagedata
dr-x------   2 oracle   oinstall    2352 Nov 23 10:25 path
-r--------   1 oracle   oinstall      72 Nov 23 10:25 priv
-r--r--r--   1 oracle   oinstall     336 Nov 23 10:25 psinfo
-r--------   1 oracle   oinstall    9504 Nov 23 10:25 rmap
lr-x------   1 oracle   oinstall       0 Nov 23 10:25 root ->
-r--------   1 oracle   oinstall    2304 Nov 23 10:25 sigact
-r--------   1 oracle   oinstall    1136 Nov 23 10:25 status
-r--r--r--   1 oracle   oinstall     256 Nov 23 10:25 usage
-r--------   1 oracle   oinstall       0 Nov 23 10:25 watch
-r--------   1 oracle   oinstall  119016 Nov 23 10:25 xmap

Solaris uses now sets of privileges (see: 'man privileges' na 'man ppriv'). The pargs command could have inherited less privileges (from the shell) then the examined process 1651 had as effective. In effect it caused denying of permissions.

To examine process privileges one can use ppriv command:

ppriv -v ...

To set:

ppriv -s... ...

To list all privileges with their descriptions:

ppriv -lv

To see why there is a problem you could then use:

ppriv -D -e pargs -e 1651

Related

Centos7 mod_wsgi python3 django timeout error 504 Gateway error
Allow GRE (IP protocol 47) over Linux router NAT for a subnet
Cannot install git-core using macports
In the STP root bridge election process, how do switches advertise themselves as the root bridge if all of the ports start in the blocking state?
select an haproxy tcp back end depending on source ip
IP addressing issue
Ansible error when trying to ping Windows 10 host. No winrm module
proftpd gives 'login incorrect' error
How to Avoid Crazy Caching with "Vary: Cookie" Header in NGINX
MariaDB taking up 100-200% CPU
Skeleton files /etc/skel/ automatic syncing of changes to all users
What does it mean to fit "working set" into RAM for MongoDB?