Topic: Oci8Exception ORA-12546: TNS:permission denied

Hello.

I have oracle 12c, PHP 7.4.6 with oci8 enabled and laravel 7.11 with the necessary for communication with oracle, yajra library on my CENTOS 8 server.

Everytime I try to run a db query via laravel I get this error:

Yajra\Pdo\Oci8\Exceptions\Oci8Exception
ORA-12546: TNS:permission denied

After googling a lot, I found that this error has to do with the apache server environmental variables setting up and not with wrong permissions as I thought.

For example on a previous centos distro we should edit httpd

to point the oracle position:

ORACLE_HOME=/home/data/oracle/12c/dbhome_1
PATH=$PATH:$ORACLE_HOME/bin
LD_LIBRARY_PATH=$ORACLE_HOME/lib
TNS_ADMIN=$ORACLE_HOME/network/admin

In fact, on my current centos 8 I cannot find how to edit the apache variables.

Could you please help me?

Thank you a lot!

Re: Oci8Exception ORA-12546: TNS:permission denied

> In fact, on my current centos 8 I cannot find how to edit the apache variables.

CentOS 8 uses php-fpm, so you need to set TNS_ADMIN, NLS_LANG... in systemd uni file.

As explained in https://blog.remirepo.net/post/2020/05/ … ns-for-PHP for LD_LIBRARY_PATH

# systemctl edit php-fpm

And add needed env.

[Service]
Environment=TNS_ADMIN=/home/data/oracle/12c/dbhome_1/network/admin



P.S. TNS_ADMIN is only needed to locate tnsnames.ora if you use old connection way (using only SID), not needed with easy connect (using //server.domain/tld/SID)

Laptop:  Fedora 38 + rpmfusion + remi (SCL only)
x86_64 builder: Fedora 39 + rpmfusion + remi-test
aarch64 builder: RHEL 9 with EPEL
Hosting Server: CentOS 8 Stream with EPEL, rpmfusion, remi

Re: Oci8Exception ORA-12546: TNS:permission denied

Hi Remi,

I tried to follow your instructions.

Below you can see the results of (1)php --ri oci8 and (2)the variables set on my system. The LD_LIBRARY_PATH is set as LD_LIBRARY_PATH=/home/data/oracle/12c/dbhome_1/lib:/lib:/usr/lib:/usr/lib64.

---------------
(1)
# php --ri oci8

oci8

OCI8 Support => enabled
OCI8 DTrace Support => enabled
OCI8 Version => 2.2.0
Oracle Run-time Client Library Version => 19.6.0.0.0
Oracle Compile-time Instant Client Version => 19.6

Directive => Local Value => Master Value
oci8.max_persistent => -1 => -1
oci8.persistent_timeout => -1 => -1
oci8.ping_interval => 60 => 60
oci8.privileged_connect => Off => Off
oci8.statement_cache_size => 20 => 20
oci8.default_prefetch => 100 => 100
oci8.old_oci_close_semantics => Off => Off
oci8.connection_class => no value => no value
oci8.events => Off => Off

Statistics => 
Active Persistent Connections => 0
Active Connections => 0


-------------------------
(2)
$ printenv

LS_COLORS=rs=0:di=38;5;33:ln=38;5;51:mh=00:pi=40;38;5;11:so=38;5;13:do=38;5;5:bd=48;5;232;38;5;11:cd=48;5;232;38;5;3:or=48;5;232;38;5;9:mi=01;05;37;41:su=48;5;196;38;5;15:sg=48;5;11;38;5;16:ca=48;5;196;38;5;226:tw=48;5;10;38;5;16:ow=48;5;10;38;5;21:st=48;5;21;38;5;15:ex=38;5;40:*.tar=38;5;9:*.tgz=38;5;9:*.arc=38;5;9:*.arj=38;5;9:*.taz=38;5;9:*.lha=38;5;9:*.lz4=38;5;9:*.lzh=38;5;9:*.lzma=38;5;9:*.tlz=38;5;9:*.txz=38;5;9:*.tzo=38;5;9:*.t7z=38;5;9:*.zip=38;5;9:*.z=38;5;9:*.dz=38;5;9:*.gz=38;5;9:*.lrz=38;5;9:*.lz=38;5;9:*.lzo=38;5;9:*.xz=38;5;9:*.zst=38;5;9:*.tzst=38;5;9:*.bz2=38;5;9:*.bz=38;5;9:*.tbz=38;5;9:*.tbz2=38;5;9:*.tz=38;5;9:*.deb=38;5;9:*.rpm=38;5;9:*.jar=38;5;9:*.war=38;5;9:*.ear=38;5;9:*.sar=38;5;9:*.rar=38;5;9:*.alz=38;5;9:*.ace=38;5;9:*.zoo=38;5;9:*.cpio=38;5;9:*.7z=38;5;9:*.rz=38;5;9:*.cab=38;5;9:*.wim=38;5;9:*.swm=38;5;9:*.dwm=38;5;9:*.esd=38;5;9:*.jpg=38;5;13:*.jpeg=38;5;13:*.mjpg=38;5;13:*.mjpeg=38;5;13:*.gif=38;5;13:*.bmp=38;5;13:*.pbm=38;5;13:*.pgm=38;5;13:*.ppm=38;5;13:*.tga=38;5;13:*.xbm=38;5;13:*.xpm=38;5;13:*.tif=38;5;13:*.tiff=38;5;13:*.png=38;5;13:*.svg=38;5;13:*.svgz=38;5;13:*.mng=38;5;13:*.pcx=38;5;13:*.mov=38;5;13:*.mpg=38;5;13:*.mpeg=38;5;13:*.m2v=38;5;13:*.mkv=38;5;13:*.webm=38;5;13:*.ogm=38;5;13:*.mp4=38;5;13:*.m4v=38;5;13:*.mp4v=38;5;13:*.vob=38;5;13:*.qt=38;5;13:*.nuv=38;5;13:*.wmv=38;5;13:*.asf=38;5;13:*.rm=38;5;13:*.rmvb=38;5;13:*.flc=38;5;13:*.avi=38;5;13:*.fli=38;5;13:*.flv=38;5;13:*.gl=38;5;13:*.dl=38;5;13:*.xcf=38;5;13:*.xwd=38;5;13:*.yuv=38;5;13:*.cgm=38;5;13:*.emf=38;5;13:*.ogv=38;5;13:*.ogx=38;5;13:*.aac=38;5;45:*.au=38;5;45:*.flac=38;5;45:*.m4a=38;5;45:*.mid=38;5;45:*.midi=38;5;45:*.mka=38;5;45:*.mp3=38;5;45:*.mpc=38;5;45:*.ogg=38;5;45:*.ra=38;5;45:*.wav=38;5;45:*.oga=38;5;45:*.opus=38;5;45:*.spx=38;5;45:*.xspf=38;5;45:
LD_LIBRARY_PATH=/home/data/oracle/12c/dbhome_1/lib:/lib:/usr/lib:/usr/lib64
XDG_MENU_PREFIX=gnome-
ORACLE_SID=orcl
ORACLE_BASE=/home/data/oracle
LANG=en_US.UTF-8
GDM_LANG=en_US.UTF-8
HISTCONTROL=ignoredups
DISPLAY=:0
ORACLE_HOME=/home/data/oracle/12c/dbhome_1
HOSTNAME=corona
COLORTERM=truecolor
USERNAME=oracle
XDG_VTNR=2
SSH_AUTH_SOCK=/run/user/1001/keyring/ssh
S_COLORS=auto
CLASSPATH=/home/data/oracle/12c/dbhome_1/jlib:/home/data/oracle/12c/dbhome_1/rdbms/jlib
XDG_SESSION_ID=2
USER=oracle
DESKTOP_SESSION=gnome
WAYLAND_DISPLAY=wayland-0
GNOME_TERMINAL_SCREEN=/org/gnome/Terminal/screen/a4c59b3d_e1e2_4880_82a6_62da836b29f6
PWD=/home/oracle
HOME=/home/oracle
XDG_SESSION_TYPE=wayland
XDG_DATA_DIRS=/home/oracle/.local/share/flatpak/exports/share/:/var/lib/flatpak/exports/share/:/usr/local/share/:/usr/share/
XDG_SESSION_DESKTOP=gnome
GJS_DEBUG_OUTPUT=stderr
MAIL=/var/spool/mail/oracle
VTE_VERSION=5202
TERM=xterm-256color
SHELL=/bin/bash
QT_IM_MODULE=ibus
XMODIFIERS=@im=ibus
XDG_CURRENT_DESKTOP=GNOME
GNOME_TERMINAL_SERVICE=:1.98
XDG_SEAT=seat0
SHLVL=2
GDMSESSION=gnome
GNOME_DESKTOP_SESSION_ID=this-is-deprecated
LOGNAME=oracle
DBUS_SESSION_BUS_ADDRESS=unix:path=/run/user/1001/bus
XDG_RUNTIME_DIR=/run/user/1001
PATH=/home/data/oracle/12c/dbhome_1/bin:/home/oracle/.local/bin:/home/oracle/bin:/home/data/oracle/12c/dbhome_1/bin:/home/oracle/.local/bin:/home/oracle/bin:/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/home/data/oracle/12c/dbhome_1/bin
HISTSIZE=1000
GJS_DEBUG_TOPICS=JS ERROR;JS LOG
SESSION_MANAGER=local/unix:@/tmp/.ICE-unix/2823,unix/unix:/tmp/.ICE-unix/2823
LESSOPEN=||/usr/bin/lesspipe.sh %s
_=/usr/bin/printenv
-------------------------

I also ran

systemctl edit php-fpm

and added the following lines

[Service]
Environment=TNS_ADMIN=/home/data/oracle/12c/dbhome_1/network/admin

and restarted httpd service. But the TNS Error was not fixed.

What else could I try?

Thank you very much!

Re: Oci8Exception ORA-12546: TNS:permission denied

> and restarted httpd service. But the TNS Error was not fixed.

Sorry, no idea, this error does not seem related to the package installation.

Laptop:  Fedora 38 + rpmfusion + remi (SCL only)
x86_64 builder: Fedora 39 + rpmfusion + remi-test
aarch64 builder: RHEL 9 with EPEL
Hosting Server: CentOS 8 Stream with EPEL, rpmfusion, remi

Re: Oci8Exception ORA-12546: TNS:permission denied

> and restarted httpd service. But the TNS Error was not fixed.

Of course, you have to restart the php-fpm service, not httpd...

Laptop:  Fedora 38 + rpmfusion + remi (SCL only)
x86_64 builder: Fedora 39 + rpmfusion + remi-test
aarch64 builder: RHEL 9 with EPEL
Hosting Server: CentOS 8 Stream with EPEL, rpmfusion, remi

Re: Oci8Exception ORA-12546: TNS:permission denied

Hi Remi!

I did also restart the php-fpm service but the error persists.

Well, it seems I'm seriously stuck! Do you think the variables are ok?

What I find strange is that I can migrate tables created with laravel to oracle database (eg I create the table with php code and then with

$ php artisan migrate

the table is created into the db).

Re: Oci8Exception ORA-12546: TNS:permission denied

Hi Remi!

After researching more, someone suggested this solution on stackoverflow:

# setsebool -P httpd_can_network_connect on

I haven't understood yet what it does but it worked for my case! He suggests that "this happens because the machine has SELinux activated, usually in the enforcing mode. I would not recommend to disable SELinux, but setting it to permissive looks to ease the process of identifying some problems with it. You can check SELinux status by sestatus."

For your info, the link is this
https://stackoverflow.com/questions/325 … ion-denied

Re: Oci8Exception ORA-12546: TNS:permission denied

great smile

Laptop:  Fedora 38 + rpmfusion + remi (SCL only)
x86_64 builder: Fedora 39 + rpmfusion + remi-test
aarch64 builder: RHEL 9 with EPEL
Hosting Server: CentOS 8 Stream with EPEL, rpmfusion, remi