Privilege question
Hello,
I've gotten a queue (owned by user A), on which user
B wants to post a message. I took care that user B got
the privileges to do so (dbms_aqadm.grant_queue_privilege).
And indeed, user B can post messages.
However, if user B tries to post a message larger than
a certain limit (don't know the exact limit), it stops
working.
By turning on tracing, I see that the last statement executed is:
SELECT user_data FROM COMS_DATA.TOCOMMTAB where msgid = :1
where COMS_DATA.TOCOMMTAB is the underlying queue table.
By manually granting select, insert and update privileges
on that table to user B, I managed to get everyting to work
fine.
But why is this needed ? Shouldn't this be granted
implicitly because of the grant_queue_privilege ?
Regards,
Francois.
Hello,
I've gotten a queue (owned by user A), on which user
B wants to post a message. I took care that user B got
the privileges to do so (dbms_aqadm.grant_queue_privilege).
And indeed, user B can post messages.
However, if user B tries to post a message larger than
a certain limit (don't know the exact limit), it stops
working.
By turning on tracing, I see that the last statement executed is:
SELECT user_data FROM COMS_DATA.TOCOMMTAB where msgid = :1
where COMS_DATA.TOCOMMTAB is the underlying queue table.
By manually granting select, insert and update privileges
on that table to user B, I managed to get everyting to work
fine.
But why is this needed ? Shouldn't this be granted
implicitly because of the grant_queue_privilege ?
Regards,
Francois.
Similar Messages
-
System and Object privileges question
hello everyone.
I was really making it a priority to really understand both system and object privileges for users. I have setup a couple of 'sandboxes' at home and have done lots of testing. So far, it has gone very well in helping me understand all the security involved with Oralce (which, IMHO, is flat out awesome!).
Anyway, a couple of quick questions.
As a normal user, what view can I use to see what permissions I have in general? what about permissions on other schemas?
I know I can do a:
select * from session_privs
which lists my session privileges.
What other views (are they views/data dictionary?) that I can use to see what I have? Since this is a normal user, they don't have access to any of the DBA_ views.
I'll start here for now, but being able to see everything this user has, would be fantastic.
Cheers,
TCGSorry. should have elaborated more.
In SQLPLUS, (logged in while logged into my Linux OS), I am working to try and get sqlplus to display the results of my query so it is easy to read. Right now, it just displays using the first 1/4 or 1/3 of the monitor screen to the left. Make sense? So it does not stretch the results out to utilize the full screen. it is hard to break down and read the results because they are "stacked" on top of each other.
Would be nice if I could adjust sqlplus so the results are easier to read.
HTH.
Jason -
Version Info: Oracle version 11gR2 running on windows server 2008.
I have a question on something that i didnt understand with regards to a role.
I have a table called abc owned by a schema called MainSchema. I created a role in this schema called updateweb which has an update privilege granted to abc table.
grant update on MainSchema.abc to updateweb; I granted the update privilege on the above role to another schema called webusers.
grant updateweb to webusers; However when i run an update statement on behalf of the schema webusers on the table abc, from an asp.net webpage, i get an ora-1031 insufficient privileges.
However if i directly grant like this
grant update on mainschema.abc to webusers; (from mainschema) it works.
Why doesnt it work if used from a role???
Thanks.I don't understand why almost everyone here
- refuses to read documentation
- refuses to use Google
- refuses to use the 'Search' link
- doesn't read about the Etiquette in this Forum, which includes you should consult documentation prior to posting
Assuming the context of your unknown update statement is a stored procedure
this question has been asked a gazillion times by people as equally lazy as you.
It has also been answered a gazillion times by people called 'volunteers'.
The answer has always been the same
As roles are volatile, they are disabled during compilation of stored procedures etc.
What works is
- the stored procedure is in the same schema as the affected table, execute privilege can be given to a role
- the procedure is created with 'authid current_user'
- the worst solution: access is granted directly
What is so special about you you think you are the only one with this non-issue?
Sybrand Bakker
Senior Oracle DBA -
Hello friends,
Is possible to view personal folders of other users?? I have administrator of my obiee and when I go to Manage Catalog and then My Folders and I click on users I can see all users but I can't click in their folders, is possible to have access there?
And a second question, is possible to do privileges one user to view dashboards but this user not see shared folders? (Reports of these dashboards are in shared folders).
Thank you!
Edited by: Alex1 on 25-feb-2009 2:01Alex,
This is something you should experiment with, however, I thought that you should be able to do both. OK, I just tried fulfilling your first request and failed. For some reason, I could only view 1 user's "My Folder". For the second, I think it won't work - since user should have access to the reports - on the Dashboard - he'd get a message like "Permission denied" - it's by design.
Alex, if you post a summary of your security requirements, I think there could be workarounds. Anyone, please feel free to comment, but I think it's "not possible to both". -
This is not a duplicate post. User Wilhem posted it in the wrong forum.
In the below mentioned link, user CD has provided a quick way to grant privileges to another user. But it didn't work for me. Is there something wrong with with the DECODE expressions?
Re: Granting Privileges questionInstead of granting privileges to a user, i wanted to grant these privileges to a role. So i created a role
CREATE ROLE jenrole;
And then i tried the below mentioned script. But i am getting error
DECLARE
v_sql VARCHAR2(4000);
BEGIN
FOR obj IN (SELECT object_name
, object_type
, DECODE (OBJECT_TYPE,
'PROCEDURE','EXECUTE',
'FUNCTION' ,'EXECUTE',
'PACKAGE' ,'EXECUTE',
'SYNONYM' ,'SELECT' ,
'SELECT, INSERT, UPDATE, DELETE') rights
FROM user_objects)
LOOP
v_sql := 'GRANT '|| obj.rights ||' ON '|| obj.object_name ||' TO JENROLE' ;
dbms_output.put_line(v_sql);
EXECUTE IMMEDIATE v_sql; END LOOP;
END;
ERROR at line 1:
ORA-00911: invalid character
ORA-06512: at line 16
Why am i getting error? The error line is boldened -
Hi, the oracle documentation says:
A user automatically has all object privileges for schema objects contained in his or her schema. A user can grant any object privilege on any schema object he or she owns to any other user or role. A user with the GRANT ANY OBJECT PRIVILEGE can grant or revoke any specified object privilege to another user with or without the GRANT OPTION of the GRANT statement. Otherwise, the grantee can use the privilege, but cannot grant it to other users.
For example, assume user SCOTT has a table named t2:
SQL>GRANT grant any object privilege TO U1;
SQL> connect u1/u1
Connected.
SQL> GRANT select on scott.t2 \TO U2;
SQL> SELECT GRANTEE, OWNER, GRANTOR, PRIVILEGE, GRANTABLE FROM DBA_TAB_PRIVS
WHERE TABLE_NAME = 'employees';
GRANTEE OWNER GRANTOR PRIVILEGE GRA
U2 SCOTT SCOTT SELECT NONow this confuses me. Surely it is U1 who is the grantor, and not Scott, no??Oracleguy,
I do got your point but I guess the right reason for this would be this only that even though the user U1 didn't have the privilege and could grant it only because of Grant Any Object priv, he is not shown as the grantor but Scott does!
[oracle@edhdr1p0-prod sqlplus]$ sqlplus / as sysdba
SQL*Plus: Release 11.2.0.1.0 Production on Thu Feb 18 09:19:39 2010
Copyright (c) 1982, 2009, Oracle. All rights reserved.
Connected to:
Oracle Database 11g Enterprise Edition Release 11.2.0.1.0 - Production
With the Partitioning, OLAP, Data Mining and Real Application Testing options
SQL> create user u1 identified by u1;
User created.
SQL> grant create session, create table to u1;
Grant succeeded.
SQL> conn u1/u1
Connected.
SQL> select * from tab;
no rows selected
SQL> conn scott/tiger
Connected.
SQL> create table t2( a number);
Table created.
SQL> conn / as sysdba
Connected.
SQL> grant grant any object privilege to u1;
Grant succeeded.
SQL> conn u1/u1
Connected.
SQL> select * from scott.t2
2 ;
select * from scott.t2
ERROR at line 1:
ORA-01031: insufficient privileges
SQL> grant select on scott.t2 to system;
Grant succeeded.
SQL> conn / as sysdba
Connected.
SQL> SELECT GRANTEE, OWNER, GRANTOR, PRIVILEGE, GRANTABLE FROM DBA_TAB_PRIVS
WHERE TABLE_NAME = 'T2';
WHERE TABLE_N 'T2'
ERROR at line 2:
ORA-00920: invalid relational operator
SQL> SELECT GRANTEE, OWNER, GRANTOR, PRIVILEGE, GRANTABLE FROM DBA_TAB_PRIVS
2 where table_name='T2';
GRANTEE OWNER
GRANTOR PRIVILEGE GRA
SYSTEM SCOTT
SCOTT SELECT NO
SQL>
Now, when I explicitly give the priv to U1 and than he grants it, he is shown as the Grantee
Sorry, I didn't realize that its still Scott only which is shown at both the places.
USER is "SYS"
SQL> grant select on scott.t2 to U1;
Grant succeeded.
SQL> conn u1/u1
Connected.
SQL> grant select on scott.t2 to system;
Grant succeeded.
SQL> conn / as sysdba
Connected.
SQL> SELECT GRANTEE, OWNER, GRANTOR, PRIVILEGE, GRANTABLE FROM DBA_TAB_PRIVS
WHERE TABLE_NAME = 'T2'; 2
GRANTEE OWNER
GRANTOR PRIVILEGE GRA
SYSTEM SCOTT
SCOTT SELECT NO
U1 SCOTT
SCOTT SELECT NO
SQL> Update:
Oracleguy,
This is what I found about this priv from docs,
http://download.oracle.com/docs/cd/E11882_01/server.112/e10592/statements_9013.htm#i2077938
GRANT ANY OBJECT PRIVILEGE
Grant any object privilege that the object owner is permitted to grant.So I guess this should explain what is being shown in the view. Since the owner is Scott who is permitted to grant the privilege , its his name which is shown here since its his privilege which is passed to the second user. Does that sounds like a reasonable explanation?
HTH
Aman....
Edited by: Aman.... on Feb 18, 2010 9:36 AM
Edited by: Aman.... on Feb 18, 2010 11:55 AM added update -
Administrator privileges question
I recently restored my start up drive (from Time Machine drive) after upgrading to snow leopard.
By accident I created another user account in my computer. So then I logged in in my desired account and deleted the new one that was created by accident.
I dont know if it a new feature of SL but I see that some folders have a red dash meaning there are not accessible. When I click on them it says it cannot open because I don't have privileges...
did I mess it up?
There are a few of them but I would like to know if I can remove these red dashes from the folders so they are accessible.
ThanksWhich folders are they? You can try clicking on the folder > Right Click > Get Info. At the bottom, you will see the privileges, click the "+" button and add yourself with Read/Write. That may work.
-
While loading ITunes I got this messege, Service "Apple Mobile Device" failed to start. Verify that you have sufficient privileges to start system services. My question is, How do I verify if I have sufficient privileges?
Hello hurleygirl63,
Thank you for the details of the issue you are experiencing with iTunes. I recommend following the steps in the article below:
How to restart the Apple Mobile Device Service (AMDS) on Windows
http://support.apple.com/kb/TS1567
Thank you for using Apple Support Communities.
Best,
Sheila M. -
Question on Privileges to Approve Items
AS PER PORTAL'S ONLINE HELP, ONLY "FOLDER OWNERS" OR "CONTENT AREA ADMINISTRATOR" CAN APPROVE ITEMS CREATED BY A USER WITH "CREATE W/APPROVAL" PRIVILEGE.
BUT I NOTICED THAT USERS WITH "MANAGE ITEMS" PRIVILEGE CAN ALSO SEE AND APPROVE THE ABOVE ITEMS.
IS THIS CORRECT BEHAVIOUR?
I AM USING PORTAL 3.0.9 / W2000
TKS!!!The reason for the parsing (I thought I explained it, must have been too vague) is I have about 30 agencies in a csv file.
Each agency can be determined by their subnet(s) and domain(s)
I need to put all lines in the csv relating to each agency in their own separate csv file to distribute to them so I am not sharing agency 'A' info with the other 29 agencies.
I get the regex comment. Thank you. For some reason I am rather hesitant to use PCRE under windows. I'll see how it works.
Your comment on "Reloading a large file repeatedly takes more time", is the exact reason why I asked the question. I want to get away from that.
I appreciate your quick reply, I think your example will work nicely.
-= Bruce -
General Questions about Oracle Roles/Privileges
Hi,
I have a few questions I'm hoping to get clarification on:
1 - Is there a view similar to DBA_SYS_PRIVS/DBA_TAB_PRIVS that shows which system privileges have been assigned to users/accounts ONLY, filtering out roles? If not, how would one go about obtaining this list?
2 - Is there a view similar to DBA_ROLE_PRIVS that shows also just shows which users have been assigned to which roles ONLY, again filtering out roles? If not, how would one go about obtaining this list? I assume some type of recursion has to be done here to flatten out the roles.
My end goal is this:
- List of all users and directly assigned system privileges only
- List of all users and directly assigned table/object privileges only
- List of all users and all roles (if role X contains role Y, this list should show user has role X and Y)
Many thanks!1 - Is there a view similar to DBA_SYS_PRIVS/DBA_TAB_PRIVS that shows which system privileges have been assigned to users/accounts ONLY, filtering out roles? If not, how would one go about obtaining this list?
it's simple:
select grantee, privilege from dba_sys_privs where grantee in (select username from dba_users);
select grantee, owner, table_name, privilege from dba_tab_privs where grantee in (select username from dba_users);
2 - Is there a view similar to DBA_ROLE_PRIVS that shows also just shows which users have been assigned to which roles ONLY, again filtering out roles? If not, how would one go about obtaining this list? I assume some type of recursion has to be done here to flatten out the roles.
select grantee, granted_role from dba_role_privs where grantee in (select username from dba_users);
select grantee, granted_role from dba_role_privs where grantee in (select role from dba_roles);Hope this helps... -
Hi All
I did a queries
SELECT GRANTEE, PRIVILEGE,GRANTABLE FROM DBA_TAB_PRIVS
WHERE TABLE_NAME='TABLE1' AND GRANTEE IN ('USER1', 'USER_ROLE');
GRANTEE PRIVILEGE GRANTABLE
USER1 SELECT NO
USER1 INSERT NO
USER1 DELETE NO
USER1 UPDATE NO
USER_ROLE SELECT YES
USER_ROLE INSERT YES
USER_ROLE DELETE YES
USER_ROLE UPDATE YES
SELECT 'ROLE' TYP, GRANTEE, GRANTED_ROLE, ADMIN_OPTION FROM DBA_ROLE_PRIVS WHERE GRANTEE ='USER1';
TYP GRANTEE GRANTED_ROLE ADMIN_OPTION
ROLE USER1 CONNECT NO
ROLE USER1 RESOURCE NO
ROLE USER1 USER_ROLE NO
My question is since the USER1 is granted the role of USER_ROLE, will it cause conflict to the table privilege?
Because I can't perform Insert when I'm using USER1. It give me an error of ORA-01031L insufficent privileges SQL source: ..Since you did not mention how you are performing the Inserts/DML's on the TABLE1, and you are facing privileges issues, I presume you are performing it from a PL/SQL Block. However, the priviliges acquired via a Role are not valid in Function/Procedure. You need to have explicit privileges to perform an action in Function/Procedure.
Even without the privilege, you would be able to perform the Inserts/DML's as in static SQL statements that are not contained in PL/SQL blocks.
Try:
grant insert on table1 to user1; -
Question - error message when trying to sync and download music iPhone.
Same problem with my iphone too
is ur problem resolved? -
Error question - access privileges
I used to be able to save and edit my work in photoshop elements 9. Now I get an error message that reads:
"could not save... because you do not have the necessary access privileges"
Can anyone help me figure this out? I was first told that I needed to create an Adobe account. Which I did, but I could not log onto that either.
Thanks,
buzobuzo1First check the save as window to see where you are saving. Has that location gotten changed?
-
Hi All
The question is pretty simple. I can successfully connect to my ASA 5505 firewall via cisco vpn client 64 bit , i can ping any ip address on the LAN behind ASA but none of the LAN computers can see or ping the IP Address which is assigned to my vpn client from the ASA VPN Pool.
The LAN behind ASA is 192.168.0.0 and the VPN Pool for the cisco vpn client is 192.168.30.0
I would appreciate some help pls
Here is the config:
ASA Version 7.2(4)
hostname ciscoasa
domain-name default.domain.invalid
enable password J7NxNd4NtVydfOsB encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
names
name 192.168.0.11 EXCHANGE
name x.x.x.x WAN
name 192.168.30.0 VPN_POOL2
interface Vlan1
nameif inside
security-level 100
ip address 192.168.0.1 255.255.255.0
interface Vlan2
nameif outside
security-level 0
ip address WAN 255.255.255.252
interface Ethernet0/0
switchport access vlan 2
<--- More --->
interface Ethernet0/1
interface Ethernet0/2
interface Ethernet0/3
interface Ethernet0/4
interface Ethernet0/5
interface Ethernet0/6
interface Ethernet0/7
boot system disk0:/asa724-k8.bin
ftp mode passive
clock timezone EEST 2
clock summer-time EEDT recurring last Sun Mar 3:00 last Sun Oct 4:00
dns server-group DefaultDNS
domain-name default.domain.invalid
object-group protocol TCPUDP
protocol-object udp
protocol-object tcp
access-list nk-acl extended permit tcp any interface outside eq smtp
access-list nk-acl extended permit tcp any interface outside eq https
access-list customerVPN_splitTunnelAcl standard permit 192.168.0.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 192.168.0.0 255.255.255.0 VPN_POOL2 255.255.255.0
access-list inside_access_in extended permit ip any any
access-list VPN_NAT extended permit ip VPN_POOL2 255.255.255.0 192.168.0.0 255.255.255.0
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu outside 1500
ip local pool VPN_POOL2 192.168.30.10-192.168.30.90 mask 255.255.255.0
icmp unreachable rate-limit 1 burst-size 1
asdm image disk0:/asdm-524.bin
no asdm history enable
arp timeout 14400
global (inside) 10 interface
global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 0.0.0.0 0.0.0.0
nat (outside) 10 access-list VPN_NAT outside
static (inside,outside) tcp interface smtp EXCHANGE smtp netmask 255.255.255.255
static (inside,outside) tcp interface https EXCHANGE https netmask 255.255.255.255
access-group inside_access_in in interface inside
access-group nk-acl in interface outside
route outside 0.0.0.0 0.0.0.0 x.x.x.x 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
aaa authentication enable console LOCAL
aaa authentication http console LOCAL
aaa authentication serial console LOCAL
aaa authentication ssh console LOCAL
aaa authentication telnet console LOCAL
aaa authorization command LOCAL
http server enable
http 192.168.0.0 255.255.255.0 inside
snmp-server host inside 192.168.0.16 community public
no snmp-server location
no snmp-server contact
snmp-server community public
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto dynamic-map outside_dyn_map 20 set pfs group1
crypto dynamic-map outside_dyn_map 20 set transform-set ESP-3DES-SHA
crypto map outside_map 65535 ipsec-isakmp dynamic outside_dyn_map
crypto map outside_map interface outside
crypto isakmp enable outside
crypto isakmp policy 10
authentication pre-share
encryption 3des
hash sha
group 2
lifetime 86400
crypto isakmp nat-traversal 20
telnet 192.168.0.0 255.255.255.0 inside
telnet timeout 5
ssh timeout 5
console timeout 0
dhcp-client client-id interface outside
dhcpd dns 217.27.32.196
dhcpd address 192.168.0.100-192.168.0.200 inside
dhcpd dns 192.168.0.10 interface inside
dhcpd enable inside
group-policy DfltGrpPolicy attributes
banner none
wins-server none
dns-server none
dhcp-network-scope none
vpn-access-hours none
vpn-simultaneous-logins 3
vpn-idle-timeout 30
vpn-session-timeout none
vpn-filter none
vpn-tunnel-protocol IPSec l2tp-ipsec
password-storage disable
ip-comp disable
re-xauth disable
group-lock none
pfs disable
ipsec-udp disable
ipsec-udp-port 10000
split-tunnel-policy tunnelall
split-tunnel-network-list none
default-domain none
split-dns none
intercept-dhcp 255.255.255.255 disable
secure-unit-authentication disable
user-authentication disable
user-authentication-idle-timeout 30
ip-phone-bypass disable
leap-bypass disable
nem disable
backup-servers keep-client-config
msie-proxy server none
msie-proxy method no-modify
msie-proxy except-list none
msie-proxy local-bypass disable
nac disable
nac-sq-period 300
nac-reval-period 36000
nac-default-acl none
address-pools none
smartcard-removal-disconnect enable
client-firewall none
client-access-rule none
webvpn
functions url-entry
html-content-filter none
homepage none
keep-alive-ignore 4
http-comp gzip
filter none
url-list none
customization value DfltCustomization
port-forward none
port-forward-name value Application Access
sso-server none
svc none
svc keep-installer installed
svc keepalive none
svc rekey time none
svc rekey method none
svc dpd-interval client none
svc dpd-interval gateway none
svc compression deflate
group-policy customerVPN internal
group-policy customerVPN attributes
dns-server value 192.168.0.10
vpn-tunnel-protocol IPSec
password-storage enable
split-tunnel-policy tunnelspecified
split-tunnel-network-list value customerVPN_splitTunnelAcl
default-domain value customer.local
username xxx password 8SYsAcRU4s6DpQP1 encrypted privilege 0
username xxx attributes
vpn-group-policy TUNNEL1
username xxx password C6M4Xy7t0VOLU3bS encrypted privilege 0
username xxx attributes
vpn-group-policy PAPAGROUP
username xxx password RU2zcsRqQAwCkglQ encrypted privilege 0
username xxx attributes
vpn-group-policy customerVPN
username xxx password zfP8z5lE6WK/sSjY encrypted privilege 15
tunnel-group customerVPN type ipsec-ra
tunnel-group customerVPN general-attributes
address-pool VPN_POOL2
default-group-policy customerVPN
tunnel-group customerVPN ipsec-attributes
pre-shared-key *
tunnel-group-map default-group DefaultL2LGroup
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns preset_dns_map
parameters
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
service-policy global_policy global
prompt hostname context
Cryptochecksum:a4dfbb82008f78756fe4c7d029871ec1
: end
ciscoasa#Well lots of new features have been hinted at for ASA 9.2 but I've not seen anything as far as an Engineering Commit or Customer Commit for that feature.
Site-site VPN in multiple context mode was added in 9.0(1) and I have customers have been asking for the remote access features as well.
I will remember to ask about that at Cisco Live next month. -
Is there any way to contact verizon with a detailed cell phone technical support question?
Is there any way to contact Verizon with a detailed cell phone technical support question? I prefer e-mail so as to provide details (like I am trying to provide here). I have tried in-store personnel (no help at all) and the web chat - they just want to see me more data instead of helping me with my basic problem!
I CAN NOT GET ANYONE FROM VERIZON TO GIVE ME ANY HELP NOR CAN I FIND A WAY TO FILE A COMPLAINT. AT THIS POINT I JUST WANT TO DROP MY VERIZON ACCOUNT BUT I'M SURE THAT IT WILL COST ME A SMALL FORTUNE TO GET OUT OF IT.
Here is my issue:
Chat transcript removed as required by the Verizon Wireless Terms of Service
BELOW IS A SCREEN COPY FROM REDDIT ABOUT SOMEONE WITH THE SAME PROBLEM WITH A VERIZON CELL PHONE
So last night my RAZR MAXX HD did something totally bewildering by spontaneously downloading 2.6 GB of data over the course of ~ 3 hours. Fortunately I was able to catch this problem before it ended up being really expensive, but I still exceeded my 2 GB data plan by 600MB.
The Culprits:
Reddit News Free: 160 MB foreground / 0.96 GB background
Android OS: 0 MB foreground / 1.18 GB background
Several unnamed applications: ~ 350 MB
Screenshots:
The massive data spike
Android OS data usage
Reddit News Free data usage
Weird unnamed processes
Detailed timeline:
5:12 PM: Incident begins according to VZW data usage website (2.60410 GB used). This is around the last time that I used my phone at the laundromat before getting dinner and watching Game of Thrones.
8:04 PM: 50% of data allowance used (txt msg)
8:31 PM: 75% of data allowance used (txt msg)
8:58 PM: 90% of data allowance used (txt msg)
9:13 PM: 100% of data allowance used (txt msg)
10:05 PM: Got the text messages and immediately put the phone into airplane mode
10:30 PM: Took screenshots
10:45 PM: Enabled wifi, installed Kaspersky premium. Scan returned no threats.
11:00 PM: Left phone in airplane mode, went to sleep.
The questions:
What was the root cause of this issue? Did Reddit News freak out as a result of an esoteric bug or was my phone hacked?
If this was a simple Reddit News bug, then why was the Android OS also trying to use such a massive amount of background data?
What the hell are these unnamed numeric applications? I've inspected my process history and this is the first time they have ever attempted to use data.
I'm pretty sure that I can explain this situation to Verizon and get out of having to pay additional data usage fees, but I would like to know more about the problem before I get in touch with them.
all 13 comments
best
[–]omgmrjmako/PA, deb/Carbon 3 points 1 year ago*
All I can think is your phone may have background downloaded an OTA update, and you'd then be prompted with something like, "As update to your Android system has been downloaded, would you like to install it now?"
I do find it very odd that the update would be 2.6GB. As a rough base, the CyanogenMod 10.1 firmware for your device is well under 200MB, so unless Verizon has a ****-ton of bloatware in the update, or it had to attempt to download multiple times for some reason, it may be a stretch.
But doing a little homework, it looks like the Verizon Razr Maxx was updated to 4.1 in late March. Maybe they're still rolling it out in waves? Have you gotten the update yet?
Edit: Aaaand I just noticed you appear to be running an AOSP-based ROM, which totally rules out a carrier update being sent out.
Edit2: If you want to live dangerously, you could try running:
#kill -9 12289
That 12289 is the PID listed in your screenshot. But don't run that without fulling understanding the kill command.
The ps command could also be of use, but probably not.
permalink
[–]lechnito[S] 2 points 1 year ago
I can confirm that the phone is currently at 4.1.2 and that I wasn't prompted for an OTA update.The fact that both the Android OS and Reddit News processes were simultaneously using an extremely large amount of data is unlikely to be a coincidence...
permalink
parent
[–]omgmrjmako/PA, deb/Carbon 3 points 1 year ago
That is very curious that the spikes happened at the same time.I'm curious. It may have put at least some of that 2.6GB somewhere. You could use a data visualizer tool to see if you can find it, which may lead to more clues.
permalink
parent
[–]lechnito[S] 2 points 1 year ago
The largest directories are:
DCIM: Normal looking photos (90,825 KB)
Android: Primarily map cache data (64,846 KB)
If it was downloading content then it did not significantly save content to storage. It's not like I have anything particularly sensitive on the phone, but the idea that it was uploading a snapshot of my data definitely makes me uncomfortable.
permalink
parent
[–]omgmrjmako/PA, deb/Carbon 2 points 1 year ago
Yup, Digital Camera IMages and videos.Somewhere in /sdcard/Android would be my guess as to where a mysterious file would be downloaded, but if it's only 64MB, and mostly map data, I'd safely rule it out.I'm sorry, but I'm stumped here.Edit: I should mention I don't think this is malware, because unless a malicious app gained superuser access, any data it used would show under it's own apk in the data usage list, not Android OS.
permalink
parent
[–]mistrbrownstone 0 points 1 year ago
DCIM: Normal looking photos (90,825 KB)
Was it trying to auto-upload pictures or video to G+?I ******* hate that.
permalink
parent
[–]lechnito[S] 1 point 1 year ago
Although I'm not really up to speed with the Android platform, I come from a UNIX background so I feel comfortable running commands. How do I pull up a bash terminal? Do I need to root the phone first?
permalink
parent
[–]omgmrjmako/PA, deb/Carbon 2 points 1 year ago
There's a number of terminal emulators in the Play Store that work well. You don't need a rooted phone to get to the shell as your user, but any privileged command won't execute unless you can grant it permission from the Superuser app that is installed when you root the device. So you could probably do a ps -e, but not a kill -9.
permalink
parent
[–]lechnito[S] 1 point 1 year ago
Got it. I downloaded a terminal emulator but unfortunately those processes no longer exist.Does Android keep a generic log of system level events like /var/log/syslog?
permalink
parent
[–]omgmrjmako/PA, deb/Carbon 2 points 1 year ago
I don't think so, and I know you'd need superuser permission to read most of the files in /var/log anyway. I'm not super familiar with how Android does its logging, but I do know that the two files of interest are the logcat and dmesg.
permalink
parent
[–]sh0nuff 1 point 1 year ago
Want to mention here that using your settings to set your data cap (set it on your billing day), then you won't go over again.Those text messages are really unhelpful, as they send out well after the data has been used. Chances are good you hit close to the 2GB mark before you received the bulk of the messages.
permalink
[–]kindofabuzz -4 points 1 year ago
Quit installing pirated apps.
permalink
[–]lechnito[S] 1 point 1 year ago
That's definitely not the case here; both my PC and and Android phone are free from pirated apps.You used the data. Verizon can not see what it was sued for. However your phone can see whats apps used the data. go to settings-data usage- there will be a place that says data usage cycle. line the dates up with your cycle. then there will be a bar graph below that extend bother white bars one all the way to the left and one all the way to the right. after those are extended below that will be a list of apps, there should be one that used over 2 gb and that will show you what app used that data in her purse
Maybe you are looking for
-
Crosstab with multiple rowset xml content
I have multiple rowsets (xml files) which I want to calculate subtotals from. Each xml data set has identical columns. If I union all the files together, the xml content contains multiple rowsets and the Crosstab function does not give me a summed
-
Hi, I have an Intel MFSYS35 Modular Server with MFS5520VIB compute modules. Currently, I have 1TB hard drives installed. I was looking to upgrade to 3TB or possibly 4TB drives. Are only certain models compatible? Thanks, This topic first appeared in
-
Export using TOAD for a nested table?
I am trying to export a nested table via TOAD, however, the fields which are part of nested data (dataset) does not export. Any suggestions on an alternative solution? Thanks. Jaffee
-
3GS pausing automatically however i play my music
1st off i have read the other discussions and none of them seem to get my problem right. i use my iphone to play music;- through bluetooth in my car through the built in speakers while im in work on my docking station that use the big hole underneath
-
Redo waits + I/O issue ?
Hello All, - Oracle 10.2.0.4.0 on HP-Unix We are having performance issues during night batch cycles for past few days and we are observing following waits in top 5 wait events for past few days: log file sync log file parallel wait Sometimes "log fi