This page deals with handling permission for the listener. Starting or managing a listener needs os user privilege. This works just like chmod, but executing with crsctl command. If improperly configured others can take advantage of the listener.
To check what is the current permission.
crsctl status resource ora.LISTENER_IB.lsnr -p | grep ACL=
The output will look like below..
ACL=owner:root:rwx,pgrp:root:r-x,other::r--
Here it shows who is the owner, primary group and others.
owner = root with permission rwx
pgrp = root with permission r-x
other = permission is only read.
To change the primary group
crsctl setperm resource ora.LISTENER_IB.lsnr -u 'pgrp:oinstall:rwx'
This can be seen with
crsctl status resource ora.LISTENER_IB.lsnr -p | grep ACL=
ACL=owner:oracle:rwx,pgrp:oinstall:rwx,other::r--