sys用户权限不足，本地登录失败 |ORA-01031 insufficient privileges|

原文地址：http://www.cnblogs.com/killkill/archive/2010/09/21/1832835.html

登录oracle报错

[oracle@wz_oracle2 dbs]$ sqlplus system/oracle as sysdba    
 
SQL*Plus: Release 10.2.0.1.0 - Production on Tue Sep 21 16:41:01 2010
 
Copyright (c) 1982, 2005, Oracle.  All rights reserved.
 
ERROR:
ORA-01031: insufficient privileges
 
Enter user-name:

 一般来说，ORA-01031都是出现在忘记输入as sysdba的时候出现的，这是为什么呢？

      试一下其他方式登录：

[oracle@wz_oracle2 dbs]$
[oracle@wz_oracle2 dbs]$
[oracle@wz_oracle2 dbs]$ sqlplus system/oracle 
 
SQL*Plus: Release 10.2.0.1.0 - Production on Tue Sep 21 16:41:05 2010
 
Copyright (c) 1982, 2005, Oracle.  All rights reserved.
 
 
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bit Production
With the Partitioning, OLAP and Data Mining options
 
SQL> exit
Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bit Production
With the Partitioning, OLAP and Data Mining options
 
[oracle@wz_oracle2 dbs]
[oracle@wz_oracle2 dbs]
[oracle@wz_oracle2 dbs]$ sqlplus sys/oracle as sysdba
 
SQL*Plus: Release 10.2.0.1.0 - Production on Tue Sep 21 16:41:16 2010
 
Copyright (c) 1982, 2005, Oracle.  All rights reserved.
 
 
Connected to:
Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bit Production
With the Partitioning, OLAP and Data Mining options
 
SQL> exit
Disconnected from Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bit Production
With the Partitioning, OLAP and Data Mining options

  system 可以登录，由于是新装的数据库，所以system用户不会具有sysdba的权限，可以判断system用的是密码认证方式，密码登录没有问题证明数据库没有问题；

 

      sys用户默认是sysdba，可以通过操作系统认证登录（dba组中的用户自动视为认证通过）或者使用密码文件进行认证的方式登录（常见于远程登录），修改密码文件的名字再登录：

[oracle@wz_oracle2 dbs]$ mv orapwora8i orapwora8i---
[oracle@wz_oracle2 dbs]$ sqlplus sys/oracle as sysdba
 
SQL*Plus: Release 10.2.0.1.0 - Production on Tue Sep 21 20:34:28 2010
 
Copyright (c) 1982, 2005, Oracle.  All rights reserved.
 
ERROR:
ORA-01031: insufficient privileges
 
Enter user-name:

 登录失败，可以判断 sys 使用了密码文件进行登录认证。

 

      现在可以基本认为 sys 用户在操作系统认证这一关过不去了。由于这次安装是使用响应文件进行静默安装的，估计问题就出在这个响应文件上，于是再次仔细审查响应文件的每一个选项，特别是涉及“组”的选项：

[oracle@wz_oracle2 ~]$ id
uid=500(oracle) gid=500(dba) groups=500(dba)
[oracle@wz_oracle2 ~]$ cat enterprise.rsp | egrep -i "grp|group"
UNIX_GROUP_NAME="dba"
s_nameForDBAGrp="oracle"
s_nameForOPERGrp="oracle"
[oracle@wz_oracle2 ~]$

 果然，指定的DBA组合Oper组不对，大意啦~~~~~~。

 

      这个问题应该如何解决呢，当然全部推倒重来也是可以的，但是有没有“成本”更小的方法呢？求助于万能的google轻易地找到了解决方案，就是修改 $ORACLE_HOME/rdbms/lib/config.c 这个文件：

[oracle@wz_oracle2 ~]$ cat $ORACLE_HOME/rdbms/lib/config.c
/*  SS_DBA_GRP defines the UNIX group ID for adminstrative access.  */
/*  Refer to the Installation and User's Guide for further information.  */
  
#define SS_DBA_GRP "oracle"   /* 改成 dba */
#define SS_OPER_GRP "oracle"  /* 改成 dba */
  
char *ss_dba_grp[] = {SS_DBA_GRP, SS_OPER_GRP};

 再执行 relink all 就可以了：

[oracle@wz_oracle2 ~]$ cat $ORACLE_HOME/rdbms/lib/config.c
/*  SS_DBA_GRP defines the UNIX group ID for adminstrative access.  */
/*  Refer to the Installation and User's Guide for further information.  */
  
#define SS_DBA_GRP "dba"
#define SS_OPER_GRP "dba"
  
char *ss_dba_grp[] = {SS_DBA_GRP, SS_OPER_GRP};
[oracle@wz_oracle2 ~]$ relink all
.................
.................
.................
.................
.................
[oracle@wz_oracle2 ~]$
[oracle@wz_oracle2 ~]$ sqlplus / as sysdba 
 
SQL*Plus: Release 10.2.0.1.0 - Production on Tue Sep 21 20:48:03 2010
 
Copyright (c) 1982, 2005, Oracle.  All rights reserved.
 
Connected to an idle instance.
 
SQL> startup ; 
ORACLE instance started.
 
Total System Global Area  599785472 bytes
Fixed Size                  2022600 bytes
Variable Size             171967288 bytes
Database Buffers          419430400 bytes
Redo Buffers                6365184 bytes
Database mounted.
Database opened.
SQL>

 问题解决，使用响应文件静默安装的方式看起来很酷，但是一定要小心谨慎。