New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
oracle database: Unable to connect as "sys as sysdba" when oradata mapped to windows 10 volume #525
Comments
Hm, this is a strange error which I cannot reproduce with the commands that you have provided:
Where connecting works just fine:
And also here connecting works just fine:
Are you sure that the database came up successfully in step 2 and that there weren't any typos? |
I am not sure, but it looks like you ran your test with docker running on linux host instead of a windows 10 host? I suspect this because the path to your host volume does not start with a drive letter: I have run my tests a few times already and get the same results. I have also tried a test with using the '/' char instead of '' as the directory separator in the host volume path and get the same result. The database in step #2 come up fine and I am able to logon as another user: e.g.
I created another container (oracle3) using the command:
and I have attached the log output to this ticket. Would you be to perform these tests on a windows 10 host OS so as to be running in the same environment that I am? -Tom |
Hi @tomlprog, Yes, you are correct. I ran the tests on Oracle Linux 7.3, UEK4, Docker CE 17.03. Unfortunately I do not have a Windows environment available but given that it works on Linux I can only assume that it is an environment issue. On Linux I sometimes encountered problems with SELinux blocking certain commands and operations but on Windows I can unfortunately not comment on but merely suspect something similar. Thanks for attaching the output, it looks like everything went fine inside the container. It is very odd that only this username/password combination is failing while all the others work fine. Thx, |
I suspect that it has nothing to do with the SYS user because as the SYS user I can connect without the error if I do not specify any network/host connection info: e.g. docker exec -ti -u oracle oracle3 sqlplus SYS/Databas3 as sysdba I get the same results as above if I use the SYSTEM user instead of the SYS user. However, I can logon fine as SYSTEM if I do not specify "as sysdba" using any of the above connection info strings. I get the exact same results whether I run the sqlplus inside the container or outside the container: i.e. running sqlplus (or sql developer) on windows host Thanks, |
Hello, I can confirm the exact same issue on windows 10 with docker machine in virtualbox It might be related to the fact that the owner of oradata on windows shared folder is not oracle user (This is the only difference I see with the linux host but I did not find a way to assign it to oracle user ) :
|
We are facing this issue on Windows 10 too, SYS fails with invalid username/password. |
I am running on windows 10 host as well and I am having exact same issue, is there a solution to this issue? |
I am having the same issue. Windows 10 with a mapped volume for the database.
This is a blocking issue for me because there seems to be no way to administer the database. |
same problem on macOS High Sierra, bash-4.2# ls -la drwxrwx--- 1 oracle dba 4096 Jan 6 16:44 oraInventory after a chown -Rf oracle.dba /opt/oracle/oradata/ |
I am having the same issue running docker toolbox on Windows 7. When the volume is enabled and mapped then I cannot connect to sys from outside the container. If there is no volume mapped then I can connect just fine. I just tried and I can login with SYSTEM user but not SYS! What is the reason for this? |
The issue seems to be caused by the fact that no pwfile is generated when we're using volumes. You can see that if you check the contents of $ORACLE_HOME/dbs. As a workaround and until the Dockerfile is fixed, you can create the pwfile manually after you've changed the SYS password to your desired choice. All you need to do is: and you're done! |
Thanks, that does seem to be the problem, and creating the file will resolve it! |
I'm not sure why but when I use volumes the pwfile is generated but the setPassword.sh script doesn't work. What solved it was essentially following what babak4 said. I removed orapwORCLCDB (default SID name) after navigating to $ORACLE_HOME/dbs execute |
It doesn't work for me. I had that file created. I removed and createad again and I have the same error: |
It doesn't work for me either! I can reset system password using this method, but not sys password! |
As already stated in this thread, the problem comes from the In the docker image, this file is a static link to /opt/oracle/oradata/dbconfig/orapw$DB_SID On windows, if you map a volume, it will use underlying samba access your Windows host. The problem is that the FS rights are set to root:root through the Windows share with 755 rights. You cannot change those permissions and owner if on mapped windows volume. Oracle seems to refuse to authenticate users when this file has That explains why it works without volume mounted or in Unix envs. but not in Windows with win volume mounted. If you remove and recreate the orapw$DB_SID file, it will work only until next container restart, because you will replace the link by a local file which will have the correct |
Thanks a lot @samuelvetsch for adding the missing piece. If the permissions are |
Sounds strange, but is due to the specific mount inside the docker image: //10.0.75.1/C /opt/oracle/oradata cifs rw,relatime,vers=3.02,sec=ntlmsspi,cache=strict,username=svetsch,domain=EUROPE,uid=0,noforceuid,gid=0,noforcegid,addr=10.0.75.1,file_mode=0755,dir_mode=0755,iocharset=utf8,nounix,serverino,mapposix,nobrl,mfsymlinks,noperm,rsize=1048576,wsize=1048576,echo_interval=60,actimeo=1 0 0 Permission are forced as they cannot be handled by the Windows filesystem. Too be more precise, the problem is more related to the owner of the file rather to the permissions. I tried the following with a local password file:
I don't have a workaround so far appart from running as root. And knowing that DB files are remotely mounted, it may even rise some performance issues. This kind of mount shouldn't probably used on Windows platform. We should rather use volumes from other container instead even if it is less easier to manage shared files under Windows. |
Thanks @samuelvetsch for the follow up! Can you do me a favor and also show me whether the data files under |
The files are owned by root with the 755 perm:
The 777 abobe was just my test. The server can write to those files owned by root only because of the noperm flag of the CIFS file system (see /etc/mtab dump on my previous message). For the workaround, I also thought of doing this kind of copy on start and stop in order to keep the password file in sync between the Win and Unix file system. But I'm not fan on this ;-) The better solution would be to ask Docker team to be able to change the mount options (uid and gid) of the share in our image in order to make the shared file visible as the oracle user. Furthermore, the fact that Oracle files are processed through a samba share (even on localhost) warns me on performance issue that may arise. But I'm not a Oracle expert, I cannot state on this. |
Ah ok, that makes sense why they can be written to. Haha, neither am I. Just sounds very dirty :) Well, yeah. One of the many trade-offs of running database in a containerized environment. Either lose the data on container destruction or go via an NFS (or Samba on Windows) mount. |
After some search, it appears that the same request has already been sent to the docker team: But has been closed, no luck ! |
Seems like there could be a way:
|
The following works for me on Windows 7 using Docker-machine (and mounting to Windows). I don't know if it's also a solution for Win10 (with hyperv you don't need virtualbox probably) Create a folder on windows:
Now I start the container:
on docker-machine:
On Windows the mount is owned by my personal windows user.
Now when you reboot docker machine the /home/docker/data folder will be gone (read only). and add those lines after the proxy settings:
Just before the daemon starts your data will be mounted from windows. |
@lvthillo, your solution worked for me. Setting the UID and GID to oracle fixed it. I'm running on Windows 10 Home, using Virtualbox. If there's a way to mount a CIFS share to a specific UID/GID, that may pose a solution for a Hyper-V setup. Edit |
This issue has been automatically closed because there has been no response to our request for more information from the original author. With only the information that is currently in the issue, we don't have enough information to take action. Please reach out if you have or find the answers we need so that we can investigate further. |
The issue on ownership is still a problem with the latest oracle docker images for those using docker desktop on windows especially. Running this within the container:
There should be some scripted way for the oracle:dba user to take ownership over the mounted volume after the container is (re)started. Running this within the mounted volume location on windows, before or after restoring the files:
My use case involves backing up the oradata folder directly on windows, mounting it with docker run (supported only via docker daemon volume, not native windows mount versions), and/or mounting it as a named volume with docker-compose (not supported). |
I tested the docker image in windows and linux hosts and the problem persists on windows. As a workaround while It's found a better solution, the owner of the ora files can be changed moving the files into the container:
Doing that, I finally could login with system user. |
I also encountered this problem. After this month I upgrade Win11, the problem disappeared. |
I am also hitting this problem (still on windows 10). Hoping arisnegro's workaround works! |
I have created two containers created from the same "oracle/database 12.2.0.1-se2" image. The image was built on Windows 10 OS and I am running Docker For Windows Version 17.06.0-ce-win19 (12801).
and I can connect to the database running in the first container as:
and when I try to connect to the database running in the second container as I get the following error:
I also get the same error when I try to connect from my windows host:
I can connect to either database locally (inside the container) using the syntax:
This isn't blocking issue for me as I can work-around this by executing sql scripts as sysdba locally inside the container, but this might be a bigger concern for others that may not be able to do the same in their environments.
The text was updated successfully, but these errors were encountered: