Database Reference
In-Depth Information
If you opted for the creation of the supplementary groups, you could add those to the oracle account:
# usermod -G dba,backupdba,dgdba,kmdba,asmdba,asmadmin oracle
To check how your oracle account is set up, you can use the
id
command as shown here for the minimum
required groups:
# id -a oracle
uid=4200(oracle) gid=4200(oinstall) groups=4200(oinstall),4201(dba)
Notice that the oracle account must have the new groups assigned to it or they will not be selectable in the OUI
session later. Once you are happy with your setup, proceed to the section “Configuring Kernel Parameters.”
Scenario 2: separation of duties
If you are planning on installing a Real Application Cluster or want to use ASM, which requires an installation of
Oracle Restart, you could separate the storage administration from the database administration. The most common
scenario is to create two operating system accounts,
oracle
and
grid
. The main reason against such a setup in the
past was the problematic support for patching in early Oracle 11.2 releases. These problems have largely been solved,
and there are no problems expected with different owners for Grid Infrastructure and the database.
Assuming the above-mentioned groups have already been created, you need to set up the grid owner as well as
the oracle owner. Consider the following example for the
oracle
account:
# useradd -u 4200 -g oinstall -G asmdba,dba -m oracle
# passwd oracle
Changing password for user oracle
New password:
Retype new password:
passwd: all authentication tokens updated successfully
Conversely, the grid account could be created as follows:
# useradd -u 4201 -g oinstall -G asmadmin,asmdba,dba -m grid
# passwd grid
Changing password for user grid
New password:
Retype new password:
passwd: all authentication tokens updated successfully
■
For some strange reason Oracle requires the grid user to be member of the DBa group-failing that you
won't be able to install the database software. Optionally, add the
oracle
user to the
kmdba
,
backupdba
and
dgdba
groups as well.
Note
That concludes the setup of these accounts. If you like you can assign the remaining additional groups to the
oracle account before proceeding to the next section to allow for even finer granularity of access.
Search WWH ::
Custom Search