TNS-12555: TNS:permission denied – Listener won’t start

Got a strange and never before seen error when trying to restart a listener after routine reboot. Listener didn’t start automatically at startup which was the first indicator something wasn’t right…

[oracle@server ~]$ lsnrctl start

LSNRCTL for Linux: Version 11.2.0.3.0 - Production on 23-FEB-2017 13:22:28

Copyright (c) 1991, 2011, Oracle.  All rights reserved.

Starting /dboracle/orabase/product/11.2.0/db_1/bin/tnslsnr: please wait...

TNSLSNR for Linux: Version 11.2.0.3.0 - Production
System parameter file is /dboracle/orabase/product/11.2.0/db_1/network/admin/listener.ora
Log messages written to /dboracle/orabase/product/11.2.0/diag/tnslsnr/server/listener/alert/log.xml
Trace information written to /dboracle/orabase/product/11.2.0/diag/tnslsnr/server/listener/trace/ora_32158_47794497354480.trc
Error listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
TNS-12555: TNS:permission denied
 TNS-12560: TNS:protocol adapter error
  TNS-00525: Insufficient privilege for operation
   Linux Error: 1: Operation not permitted

Listener failed to start. See the error message(s) above...

Hmmm. That’s an odd error. Is my environment right? Let’s call oraenv to make sure

[oracle@server ~]$ . oraenv
ORACLE_SID = [orcl] ?
The Oracle base remains unchanged with value /dboracle/orabase/product/11.2.0
[oracle@server ~]$ lsnrctl start

LSNRCTL for Linux: Version 11.2.0.3.0 - Production on 23-FEB-2017 13:22:35

Copyright (c) 1991, 2011, Oracle.  All rights reserved.

Starting /dboracle/orabase/product/11.2.0/db_1/bin/tnslsnr: please wait...

TNSLSNR for Linux: Version 11.2.0.3.0 - Production
System parameter file is /dboracle/orabase/product/11.2.0/db_1/network/admin/listener.ora
Log messages written to /dboracle/orabase/product/11.2.0/diag/tnslsnr/server/listener/alert/log.xml
Trace information written to /dboracle/orabase/product/11.2.0/diag/tnslsnr/server/listener/trace/ora_32409_47086987152112.trc
Error listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
TNS-12555: TNS:permission denied
 TNS-12560: TNS:protocol adapter error
  TNS-00525: Insufficient privilege for operation
   Linux Error: 1: Operation not permitted

Listener failed to start. See the error message(s) above…Same problem.

Check in /var/tmp/.oracle to make sure no files are owned by root:

[oracle@server ~]$ cd /var/tmp/.oracle
[oracle@server .oracle]$ ls -ltr
total 108
prw-r--r-- 1 oracle oinstall 0 Apr 11  2013 npohasd
srwxrwxrwx 1 oracle oinstall 0 Apr 11  2013 s#25107.2
srwxrwxrwx 1 oracle oinstall 0 Apr 11  2013 s#25107.1
srwxrwxrwx 1 daemon root     0 Jun 12  2014 s#16978.2
srwxrwxrwx 1 daemon root     0 Jun 12  2014 s#16978.1
srwxrwxrwx 1 oracle oracle   0 Jan 18 20:10 s#11727.1
srwxrwxrwx 1 oracle oracle   0 Jan 18 20:10 s#11727.2
srwxrwxrwx 1 daemon root     0 Feb 17 09:23 sEXTPROC1521
srwxrwxrwx 1 daemon root     0 Feb 17 09:23 s#30053.2
srwxrwxrwx 1 daemon root     0 Feb 17 09:23 s#30053.1
-rw-r--r-- 1 oracle oracle   0 Feb 23 13:17 sprocr_local_conn_0_PROL_lock
srwxrwxrwx 1 oracle oracle   0 Feb 23 13:17 sprocr_local_conn_0_PROL
srwxrwxrwx 1 oracle oracle   0 Feb 23 13:17 sOHASD_UI_SOCKET
srwxrwxrwx 1 oracle oracle   0 Feb 23 13:17 sOHASD_IPC_SOCKET_11
srwxrwxrwx 1 oracle oracle   0 Feb 23 13:17 sserverDBG_OHASD
srwxrwxrwx 1 oracle oracle   0 Feb 23 13:17 sCRSD_UI_SOCKET
srwxrwxrwx 1 oracle oracle   0 Feb 23 13:18 sserverDBG_EVMD
srwxrwxrwx 1 oracle oracle   0 Feb 23 13:18 sSYSTEM.evm.acceptor.auth
srwxrwxrwx 1 oracle oracle   0 Feb 23 13:18 sCevm
srwxrwxrwx 1 oracle oracle   0 Feb 23 13:18 sAevm
-rw-r--r-- 1 oracle oracle   0 Feb 23 13:18 sOCSSD_LL_server__lock
srwxrwxrwx 1 oracle oracle   0 Feb 23 13:18 sOCSSD_LL_server_
srwxrwxrwx 1 oracle oracle   0 Feb 23 13:18 sserverDBG_CSSD
-rw-r--r-- 1 oracle oracle   0 Feb 23 13:18 sOracle_CSS_LclLstnr_localhost_1_lock
srwxrwxrwx 1 oracle oracle   0 Feb 23 13:18 sOracle_CSS_LclLstnr_localhost_1
-rw-r--r-- 1 oracle oracle   0 Feb 23 13:18 sOCSSD_LL_server_localhost_lock
srwxrwxrwx 1 oracle oracle   0 Feb 23 13:18 sOCSSD_LL_server_localhost

Aha! Problem found. Switch to root user and delete root owned files

[oracle@server .oracle]$ exit
logout
[root@server kateh]# cd /var/tmp/.oracle
[root@server .oracle]# rm s#16978.2 s#16978.1 s#30053.2  s#30053.1 sEXTPROC1521
rm: remove socket `s#16978.2'? y
rm: remove socket `s#16978.1'? y
rm: remove socket `s#30053.2'? y
rm: remove socket `s#30053.1'? y
rm: remove socket `sEXTPROC1521'? y

Switch back to oracle

[root@server .oracle]# su - oracle

Retry to start listener

[oracle@server ~]$ lsnrctl start

LSNRCTL for Linux: Version 11.2.0.3.0 - Production on 23-FEB-2017 13:24:04

Copyright (c) 1991, 2011, Oracle.  All rights reserved.

Starting /dboracle/orabase/product/11.2.0/db_1/bin/tnslsnr: please wait...

TNSLSNR for Linux: Version 11.2.0.3.0 - Production
System parameter file is /dboracle/orabase/product/11.2.0/db_1/network/admin/listener.ora
Log messages written to /dboracle/orabase/product/11.2.0/diag/tnslsnr/server/listener/alert/log.xml
Trace information written to /dboracle/orabase/product/11.2.0/diag/tnslsnr/server/listener/trace/ora_3845_47489300548336.trc
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=10.99.99.99)(PORT=1521)))
Listening on: (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=127.0.0.1)(PORT=1521)))

Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=EXTPROC1521)))
STATUS of the LISTENER
------------------------
Alias                     LISTENER
Version                   TNSLSNR for Linux: Version 11.2.0.3.0 - Production
Start Date                23-FEB-2017 13:24:04
Uptime                    0 days 0 hr. 0 min. 0 sec
Trace Level               user
Security                  ON: Local OS Authentication
SNMP                      OFF
Listener Parameter File   /dboracle/orabase/product/11.2.0/db_1/network/admin/listener.ora
Listener Log File         /dboracle/orabase/product/11.2.0/diag/tnslsnr/server/listener/alert/log.xml
Listener Trace File       /dboracle/orabase/product/11.2.0/diag/tnslsnr/server/listener/trace/ora_3845_47489300548336.trc
Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=EXTPROC1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=10.99.99.99)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=127.0.0.1)(PORT=1521)))
Services Summary...
Service "EPOS" has 1 instance(s).
  Instance "EPOS", status UNKNOWN, has 1 handler(s) for this service...
Service "SUPPORT" has 1 instance(s).
  Instance "SUPPORT", status UNKNOWN, has 1 handler(s) for this service...
Service "dg4msql" has 1 instance(s).
  Instance "dg4msql", status UNKNOWN, has 1 handler(s) for this service...
The command completed successfully

Fixed, but what caused the files to be owned by root:daemon? Something for the next blog perhaps?

Leave a Reply