Just when I thought I had the client permission issue put to bed, one of my customers announces that he is getting errors when trying to run oerr from the client machine.

oerr: Unknown facility ‘ora’

The oerr command depends on $ORACLE_HOME/lib/facility.lis to work correctly. The $ORACLE_HOME/lib/facility.lis file must be readable by other, and the directory must have a minimum of execute permission. In addition to the facility.lis file, to be truly functional, oerr users must also have read access to the files in $ORACLE_HOME/rdbms/mesg.

So, here is my latest take on the minimum privileges you will need to grant an Oracle 10gR2 client after a new install:

chmod 755 $ORACLE_HOME
chmod 755 $ORACLE_HOME/bin/sqlplus
chmod 755 $ORACLE_HOME/jdbc
chmod 755 $ORACLE_HOME/jdbc/lib
chmod 755 $ORACLE_HOME/ldap
chmod 755 $ORACLE_HOME/ldap/admin
chmod 644 $ORACLE_HOME/ldap/admin/*
chmod 755 $ORACLE_HOME/ldap/lib
chmod 755 $ORACLE_HOME/ldap/lib32
chmod 755 $ORACLE_HOME/ldap/mesg
chmod 644 $ORACLE_HOME/ldap/mesg/*
chmod 755 $ORACLE_HOME/lib
chmod 644 $ORACLE_HOME/lib/facility.lis
chmod 755 $ORACLE_HOME/network
chmod 755 $ORACLE_HOME/network/admin
chmod 644 $ORACLE_HOME/network/admin/sqlnet.ora
chmod 644 $ORACLE_HOME/network/admin/ldap.ora
chmod 755 $ORACLE_HOME/nls
chmod 755 $ORACLE_HOME/nls/data
chmod 644 $ORACLE_HOME/nls/data/lx1boot.nlb
chmod 755 $ORACLE_HOME/oracore
chmod 755 $ORACLE_HOME/oracore/zoneinfo
chmod 644 $ORACLE_HOME/oracore/zoneinfo/timezlrg.dat
chmod 755 $ORACLE_HOME/rdbms
chmod 755 $ORACLE_HOME/rdbms/mesg
chmod 644 $ORACLE_HOME/rdbms/mesg/*
chmod 755 $ORACLE_HOME/sqlplus
chmod 755 $ORACLE_HOME/sqlplus/mesg
chmod 644 $ORACLE_HOME/sqlplus/mesg/*

If you arrived at this post from a search engine, you might want to check for newer posts, as client permissions have been a moving target.