Execute Oracle RAC cluster commands via Solaris RBAC?

Question

Executing Oracle RAC cluster management commands such as $ORA_CRS_HOME/bin/crs_start requires root permissions.

Using Solaris RBAC (Role-Based Access Control), one can give a non-root user permissions to execute those commands, but the commands still fail internally. Example:

$pfexec /opt/11.1.0/crs/bin/crs_stop SomeArg
CRS-0259: Owner of the resource does not belong to the group.

Is there a complete RBAC solution for Oracle RAC or does the executor need to be root?

EDIT: Note that my original /etc/security/exec_attr contained:

MyProfile:suser:cmd:::/opt/11.1.0/crs/bin/crs_start:uid=0
MyProfile:suser:cmd:::/opt/11.1.0/crs/bin/crs_start.bin:uid=0

As Martin suggests below, this needed to be changed to add gid=0 as:

MyProfile:suser:cmd:::/opt/11.1.0/crs/bin/crs_start:uid=0;gid=0
MyProfile:suser:cmd:::/opt/11.1.0/crs/bin/crs_start.bin:uid=0;gid=0

Answer 1

Judging from the error (you need to add the exec_attr line to the question), you probably just set the uid, while the command seems to require the gid to be set too.