So thanks again and have a great weekend!!

I have for a couple of months periodically been troubled by an intermittent ORA-09225. Every now and then on one db instance one of these would pop up with the accompanying message “SVR4 Error: 13: Permission denied”.

Cause:
Sys Admins (root) were required to secure the audit trail files (SOX compliance) so created a once a day job to ‘chown root’ then ‘chmod 444′ each audit file so that DBA could still report on the contents of the files but not change them.

Problem exhibited when audit filenames were duplicated and Oracle could not overwrite an existing root/444 file. Old audit files were removed after six months so all possible filenames were never exhausted.

Other db instances did not exhibit this characteristic as there was very little maintenance and no regular jobs that generated auditable events. The database in question had a daily job that required the script to log in “/ as sysdba”, thus generating multiple audit files per day.

Solution:
Change root job to move the files out of the way so that there would be no further filename conflict.

General comment:
Don’t question how effective a once a day job is at protecting the audit files from a compromised Oracle account. It obviously isn’t effective at all. Compliance is compliance and the company auditors went away happy with another item checked off their list.