Executing Oracle RAC cluster management commands such as $ORA_CRS_HOME/bin/crs_start requires root permissions.

Using Solaris RBAC (Role-Based Access Control), one can give a non-root user permissions to execute those commands, but the commands still fail internally. Example:

$ pfexec /opt/11.1.0/crs/bin/crs_stop SomeArg
CRS-0259: Owner of the resource does not belong to the group.

Is there a complete RBAC solution for Oracle RAC or does the executor need to be root?

EDIT: Note that my original /etc/security/exec_attr contained:

MyProfile:suser:cmd:::/opt/11.1.0/crs/bin/crs_start:uid=0
MyProfile:suser:cmd:::/opt/11.1.0/crs/bin/crs_start.bin:uid=0

As Martin suggests below, this needed to be changed to add gid=0 as:

MyProfile:suser:cmd:::/opt/11.1.0/crs/bin/crs_start:uid=0;gid=0
MyProfile:suser:cmd:::/opt/11.1.0/crs/bin/crs_start.bin:uid=0;gid=0
+1  A: 

Judging from the error (you need to add the exec_attr line to the question), you probably just set the uid, while the command seems to require the gid to be set too.

Martin
Yes yes! Great job answering my question even though I didn't quite provide enough info (sorry!) :-P
David Citron
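
Added example, not part of the original posts: a Python check that parses entries in the exec_attr format quoted in the question and lists commands whose attributes change the uid but leave the group untouched, which is the gap the answer identified. The sample input is constructed from the question's own lines, and the function names are hypothetical.

```python
"""Audit exec_attr-style entries for commands that set a uid but no gid."""

# Constructed sample: one entry as first written in the question (uid only)
# and one as corrected (uid and gid).
# Field layout: name:policy:type:res1:res2:id:attr
SAMPLE = """\
# constructed sample, not a real system file
MyProfile:suser:cmd:::/opt/11.1.0/crs/bin/crs_start:uid=0
MyProfile:suser:cmd:::/opt/11.1.0/crs/bin/crs_start.bin:uid=0;gid=0
"""

USER_KEYS = {"uid", "euid"}
GROUP_KEYS = {"gid", "egid"}


def parse_exec_attr(text):
    """Return a list of dicts, one per non-comment entry."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":", 6)
        if len(fields) != 7:
            raise ValueError(f"line {lineno}: expected 7 fields, got {len(fields)}")
        profile, policy, kind, _res1, _res2, cmd, attr = fields
        attrs = {}
        # The attr field is a semicolon-separated list of key=value pairs.
        for pair in filter(None, (p.strip() for p in attr.split(";"))):
            key, sep, value = pair.partition("=")
            if not sep:
                raise ValueError(f"line {lineno}: malformed attribute {pair!r}")
            attrs[key.strip()] = value.strip()
        entries.append({"profile": profile, "policy": policy, "type": kind,
                        "cmd": cmd, "attrs": attrs, "line": lineno})
    return entries


def uid_without_gid(entries, profile=None):
    """Commands that set uid/euid but neither gid nor egid."""
    return [e["cmd"] for e in entries
            if (profile is None or e["profile"] == profile)
            and USER_KEYS & e["attrs"].keys()
            and not GROUP_KEYS & e["attrs"].keys()]


if __name__ == "__main__":
    for cmd in uid_without_gid(parse_exec_attr(SAMPLE), "MyProfile"):
        print(f"review: {cmd} sets a uid but no gid")
```
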