Without a policy of separation of duties in place you could map the oracle user to all the above-mentioned
groups. In a scenario where storage and database management are separated you could map the ASM-related groups
to the grid user, and the rest to oracle. The oracle account also needs the OSDBA for ASM privilege to connect to the
ASM instance; without it oracle can't access its storage. Even if you are not planning on using multiple operating
system accounts I still recommend creating the operating system groups. This is simply to give you greater flexibility
later on, should you decide to allow accounts other than oracle and grid to perform administration tasks with the
database.
Up until now, one other very important group has not been mentioned: oinstall . This group owns the Oracle
inventory and is required for each account that needs to modify the binaries on the system. Oracle recommends that
every Oracle-related operating system account should have oinstall as its primary group.
Scenario 1: one operating system account for all binaries
This is the simplest case: the oracle account will be a member of all the operating system groups mentioned above.
To facilitate such a setup, you need to create the operating system groups as shown in the following example. If you
are setting your system up for clustering, then the numerical user-IDs and group-IDs need to be consistent across
the cluster!
To ensure consistent installations, the numeric user and group-IDs should be part of the standards document
covering your build, and the users should ideally be pre-created. For even more consistency you should consider the
use of configuration management tools. For a manual installation, you would follow these steps, beginning with the
mandatory groups.
Note: In the following examples a hash or “#” indicates commands to be executed as root; a dollar sign denotes a
non-root shell.
# groupadd -g 4200 oinstall
# groupadd -g 4201 dba
Those are the minimum groups you need; if you would like greater flexibility later on you could also define the other
groups mentioned in the above table. Again, it is recommended to use the numeric IDs. Please ensure that the group
IDs chosen match those defined in your build standards; the ones shown here are for demonstration only.
# groupadd -g 4202 backupdba
# groupadd -g 4203 dgdba
# groupadd -g 4204 kmdba
# groupadd -g 4205 asmdba
# groupadd -g 4206 asmadmin
You could also create the “oper” groups for the accounts but they are optional since 11.2. With the groups defined
you can create the oracle account as follows:
# useradd -u 4200 -g oinstall -G dba,asmdba -m oracle
# passwd oracle
Changing password for user oracle
New password:
Retype new password:
passwd: all authentication tokens updated successfully
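
The consistency requirement for numeric IDs can be checked mechanically on each node once the groups and the oracle account exist. The following shell function is an added example, not part of the original text; the names check_ids and write_sample and the sample data are constructed, and the expected IDs are the demonstration values used above.

```shell
#!/bin/sh
# Added example: audit one node against the build standard (IDs are the demo values).
EXPECTED_GROUPS="oinstall:4200 dba:4201 backupdba:4202 dgdba:4203 kmdba:4204 asmdba:4205 asmadmin:4206"
ORACLE_IDS="4200:4200"   # uid:primary gid (oinstall)

# Constructed sample: a node where dba was created with the wrong GID.
write_sample() {
    printf '%s\n' 'oinstall:x:4200:' 'dba:x:4210:oracle' 'asmdba:x:4205:oracle' > "$1/group"
    printf '%s\n' 'oracle:x:4200:4200::/home/oracle:/bin/bash' > "$1/passwd"
}

# check_ids GROUP_FILE PASSWD_FILE (in /etc/group and /etc/passwd format)
# Prints one line per deviation; returns 0 only when there are none.
check_ids() {
    group_file=${1:-/etc/group}; passwd_file=${2:-/etc/passwd}; bad=0
    for pair in $EXPECTED_GROUPS; do
        name=${pair%%:*}; want=${pair##*:}
        got=$(awk -F: -v n="$name" '$1 == n { print $3 }' "$group_file")
        if [ -z "$got" ]; then
            # Only oinstall and dba are mandatory; the other groups are optional.
            case $name in
                oinstall|dba) echo "MISSING group $name"; bad=$((bad + 1)) ;;
            esac
        elif [ "$got" != "$want" ]; then
            echo "MISMATCH group $name: gid $got, expected $want"; bad=$((bad + 1))
        fi
    done
    ids=$(awk -F: '$1 == "oracle" { print $3 ":" $4 }' "$passwd_file")
    if [ "$ids" != "$ORACLE_IDS" ]; then
        echo "MISMATCH oracle uid:gid '$ids', expected $ORACLE_IDS"; bad=$((bad + 1))
    fi
    # Secondary groups from the useradd -G list: dba and asmdba.
    for grp in dba asmdba; do
        awk -F: -v g="$grp" '
            $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == "oracle") ok = 1 }
            END { exit !ok }' "$group_file" ||
            { echo "MISSING oracle in group $grp"; bad=$((bad + 1)); }
    done
    [ "$bad" -eq 0 ]
}

tmp=$(mktemp -d) && write_sample "$tmp"
check_ids "$tmp/group" "$tmp/passwd" || echo "node deviates from the build standard"
rm -rf "$tmp"
```

Called without arguments, check_ids reads /etc/group and /etc/passwd on the local node; on a cluster, run it on every node and compare the results.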
 