ORA-12791: The oradism utility does not have proper permissions.

 Symptoms: 

You have copied/movied to another disk or location the Oracle binary files that were already installed, after that you cannot startup the instance that raises an error.

Cause: 

During the copy/move of files, it was not preserved the file system permissions.

Solution:

There are couple of reasons why the error can report for a new software installation.

1.) root.sh was not run as part of the installation.

2.) The permissions are not set correctly on oradism or the oracle process.

[oracle@localhost bin]$ ls -ltr $ORACLE_HOME/bin/oracle

-rwxr-x--x 1 grid oinstall 474620976 Feb 9 11:45 /u01/app/21.0.0.0/grid/bin/oracle 

[oracle@localhost bin]$ ls -l oradism

-rwsr-x---. 1 root oinstall 1882760 Oct  7 07:57 oradism

For oracle, the file permission should be 6751

chmod 6751 oracle

For oradism, file permission should be 4750

chmod 4750 oradism

 

3.) The startup command run from another user which is not part of the “oradism” group.

4.) The oracle binary's group is different than oradism's group. Both should match.

[oracle@localhost bin]$ ls -l oracle

-rwsr-s--x. 1 oracle oinstall 536007304 Jan 27 09:13 oracle

[oracle@localhost bin]$ ls -l oradism

-rwsr-x---. 1 root oinstall 1882760 Oct  7 07:57 oradism

 

5.) Another  possible scenario for this problem :

The mount having the oradism binary is having "nosuid" option set.

With which even if the permissions are proper and kernel configurations are fine, the oradism  execution as root user will not be honored by root.

Check the mount (or /etc/fstab) for this case.

Hope this help.

References:

    Doc ID 2929596.1 - ORA-12791 Even if oradism Permissions Seems Correct

Certificate validation failure (missing or misconfigured Wallet)

Symptoms: 

Your Oracle PLSQL routine is trying to access a https website and you get such an error:

Exception in "begin_request":

Error Stack: ORA-29273: HTTP request failed

ORA-29024: Certificate validation failure

ORA-06512: at "SYS.UTL_HTTP", line 380

ORA-06512: at "SYS.UTL_HTTP", line 1189

Backtrace: ORA-06512: at "SYS.UTL_HTTP", line 380

ORA-06512: at "SYS.UTL_HTTP", line 1189

Cause: 

This is because there is no handshaking with encryptation channel between your database connection and the website that only respondes via https.

Solution:

All you need to do is to download the cert files from the https website you are trying to access (preferebly via firefox that is much easier to download).

Figure 1

Figure 2.

Figure 3.

• So now, go to your server and create a specific directory for your wallet and create one:

mkdir /u01/oracle-wallet -p

• Copy your certificate files to this folder

cp $STAGE_DIR/certificados/*.pem /u01/oracle-wallet

• Create the wallet

cd /u01/oracle-wallet

orapki wallet create -wallet https_wallet -pwd <create_new_password> -auto_login

• Add the certificate files to the wallet

cd /u01/oracle-wallet

orapki wallet add -wallet https_wallet -cert <your-cert-file>.pem -trusted_cert -pwd <set_your_password_created>

• List all added certificates into the wallet

cd /u01/oracle-wallet/https_wallet

orapki wallet display -wallet .

• Certainly you will need to configure the ACL (Access Control List) from your database, adjusting the code below.

$ sqlplus system/<password_user>

BEGIN

    DBMS_NETWORK_ACL_ADMIN.APPEND_HOST_ACE(

        host => '*',

        ace => xs$ace_type(privilege_list => xs$name_list('connect','resolve','http'),

                           principal_name => '<YOUR_SCHEMA_HERE>',

                           principal_type => xs_acl.ptype_db));

END;

/

• To test that is working, adapt your code to include the wallet path and password, such example:

DECLARE

  req   UTL_HTTP.req;

  resp  UTL_HTTP.resp;

BEGIN

  UTL_HTTP.SET_WALLET('file:<wallet_path_here>', '<your_password>';

  req := UTL_HTTP.begin_request('https://<https_address>');

  resp := UTL_HTTP.get_response(req);

  UTL_HTTP.end_response(resp);

END;

/

Hope this help.