ORA-12555: TNS:permission denied


Sometimes You can get “ORA-12555: TNS:permission denied ” error.


Details of error are as follows.

ORA-12555: TNS:permission denied
Cause: User has insufficient privileges to perform the requested operation.
Action: Acquire necessary privileges and try again.



Check the whether the .oracle directory exists under /var/tmp, if it doesn’t exist, create and grant it as follows.
mkdir /var/tmp/.oracle
chmod 01777 /var/tmp/.oracle
chown root /var/tmp/.oracle
chgrp root /var/tmp/.oracle


then add it and try to start Listener again.

[oracle@msdbadm01 ~]$ lsnrctl start LISTENER

Check listener status as follows, it is listening the Database and its service as follows.


[oracle@msdbadm01 ~]$ lsnrctl status

LSNRCTL for Linux: Version - Production on 28-APR-2020 15:44:29

Copyright (c) 1991, 2019, Oracle. All rights reserved.

Connecting to (ADDRESS=(PROTOCOL=tcp)(HOST=)(PORT=1521))
Version TNSLSNR for Linux: Version - Production
Start Date 25-MAR-2020 20:34:20
Uptime 33 days 19 hr. 10 min. 8 sec
Trace Level off
Security ON: Local OS Authentication
Listener Parameter File /u01/grid/network/admin/listener.ora
Listener Log File /u01/app/grid/diag/tnslsnr/vfxidb01/listener/alert/log.xml
Listening Endpoints Summary...
Services Summary...
Service "+APX" has 1 instance(s).
Instance "+APX1", status READY, has 1 handler(s) for this service...
Service "+ASM" has 1 instance(s).
Instance "+ASM1", status READY, has 1 handler(s) for this service...
Service "+ASM_DATA" has 1 instance(s).
Instance "+ASM1", status READY, has 1 handler(s) for this service...
Service "+ASM_RECO" has 1 instance(s).
Instance "+ASM1", status READY, has 1 handler(s) for this service...
Service "MSDB" has 1 instance(s).
Instance "MSDB1", status READY, has 1 handler(s) for this service...
Service "MSDBXDB" has 1 instance(s).
Instance "MSDB1", status READY, has 1 handler(s) for this service...

[oracle@msdbadm01 ~]$


Or Clear the /var/tmp/.oracle (Linux or Solaris) or (on AIX), /tmp/.oracle directory and start from fresh:

Stop all listeners

Remove the /var/tmp/.oracle or /tmp/.oracle directory, e.g. run the following from the root account as follows.
rm -rf /var/tmp/.oracle

Check the listener(s) configuration contains unique keys specified for each IPC endpoint and each listener

Start the listener(s) from the normal Oracle OS user.

Clearing the /var/tmp/.oracle or /tmp/.oracle directory will force the listeners to recreate the socket files from fresh, each with its own correct ownership.



