Most customers choose, at a minimum, to configure role-separated authentication for the Oracle RDBMS
and Grid Infrastructure installations. While you can elect to use the same operating system account and group
structure for both the RDBMS and Grid Infrastructure binaries, in this recipe, we will assume you are running Grid
Infrastructure software under a user called grid and the Oracle Database software under a different operating system
user called oracle. In the How It Works section of this recipe, we will show the operating system accounts and groups
used in a typical role-separated Exadata environment.
When you fill out your configuration worksheet prior to installing Exadata, you can change these defaults to suit
your needs, but, in our experience, customers typically perform role-separated authentication initially.
Note
Start by defining the security policies. For example, let's assume you will deploy three databases on your Exadata
Database Machine, PROD, TEST, and DEV, and further assume that the Exadata DMAs responsible for administering
these databases will be from different organizations in your IT department. Also, we will assume that your security
policies mandate that each IT organization's scope of administration responsibility aligns with the three databases.
Under this requirement, the first task to perform is to create a different operating system group for each database. In
the example in Listing 12-1, we will set up six operating system groups, two for each of the three databases with one of
these two being the default group for each OS account and one representing the OS group targeted for the OSDBA role,
which will provide SYSDBA access.
Listing 12-1. lst12-01-setup-osgroups.sh
#!/bin/sh -x
# Name: lst12-01-setup-osgroups.sh
groupadd dba_prod -g 1010
groupadd dba_test -g 1011
groupadd dba_dev -g 1012
groupadd oraprod -g 1110
groupadd oratest -g 1111
groupadd oradev -g 1112
Next, create three additional database users using the script in Listing 12-2. In this script, we will create a Linux
account using the useradd command and modify /etc/security/limits.conf to properly configure operating
system limits for Oracle 11gR2 on Exadata.
Listing 12-2. lst12-02-setup-dbausers.sh
#!/bin/bash
# Name: lst12-02-setup-dbausers.sh
export PASSWD=welcome1
export USER_LIST="oraprod oratest oradev"
export USER_ID=3001
export LC=/etc/security/limits.conf
# Keep a timestamped backup of limits.conf before modifying it
cp $LC ${LC}_`date +%Y-%m-%d_%H:%M:%S`
#
for username in `echo $USER_LIST`
do
# oraprod -> prod, oratest -> test, oradev -> dev (second field when splitting on "a")
export user_suffix=`echo $username | cut -f2 -da`
useradd -u ${USER_ID} -g oinstall -G dba_${user_suffix},oinstall,asmdba -d /home/${username} ${username}
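The following check is an added example, not part of the book's listings: it audits a file in /etc/group format to confirm that dba_<db> membership still matches the one-team-per-database policy described above. It assumes the ora<db>/dba_<db> pairing used in Listings 12-1 and 12-2, looks only at supplementary membership, and runs on constructed sample data; the names audit_dba_groups and write_sample are hypothetical.

```shell
#!/bin/sh
# Added example (not from the book): audit dba_<db> membership in an /etc/group-format file.
# Assumed rule, taken from the listings' naming: only ora<db> may be a member of dba_<db>.

# Prints one line per violation; returns 1 if any were found, else 0.
audit_dba_groups() {
    awk -F: '
        BEGIN { bad = 0 }
        $1 ~ /^dba_/ {
            db = substr($1, 5)                  # dba_prod -> prod
            n = split($4, members, ",")
            for (i = 1; i <= n; i++) {
                m = members[i]
                if (m == "") continue
                count[m]++
                held[m] = held[m] " " $1
                if (m != ("ora" db)) {
                    printf "MISMATCH %s is in %s\n", m, $1
                    bad = 1
                }
            }
        }
        END {
            # An account in more than one dba_* group has SYSDBA on several databases.
            for (m in count)
                if (count[m] > 1) {
                    printf "MULTI %s holds:%s\n", m, held[m]
                    bad = 1
                }
            exit bad
        }
    ' "$1"
}

# Constructed sample: the listings' group names and GIDs; oradev is wrongly added to dba_test.
write_sample() {
    cat <<'EOF'
dba_prod:x:1010:oraprod
dba_test:x:1011:oratest,oradev
dba_dev:x:1012:oradev
oraprod:x:1110:
oratest:x:1111:
oradev:x:1112:
EOF
}
sample=$(mktemp)
write_sample > "$sample"
audit_dba_groups "$sample" || echo "policy violations found"
rm -f "$sample"
```

On a live host, pass /etc/group or saved `getent group` output as the argument.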
 
 