echo "$username:$PASSWD" | chpasswd
(( USER_ID+=1 ))
done
Next, set up sudo access for each of these accounts and enable them to sudo to your database accounts. Run the
visudo command to make the following entries (output is omitted for brevity):
User_Alias PROD = userprod
User_Alias TEST = usertest
User_Alias DEV = userdev
Cmnd_Alias PROD_SU = /bin/su - oraprod, /bin/su oraprod
Cmnd_Alias TEST_SU = /bin/su - oratest, /bin/su oratest
Cmnd_Alias DEV_SU = /bin/su - oradev, /bin/su oradev
PROD ALL = PROD_SU
TEST ALL = TEST_SU
DEV ALL = DEV_SU
Finally, block direct SSH logins to your database owner accounts by editing /etc/ssh/sshd_config on each
compute node, adding the DenyUsers line shown below, and restarting your SSH daemon:
[root@cm01dbm01 source]# grep Deny /etc/ssh/sshd_config
DenyUsers oraprod oratest oradev
[root@cm01dbm01 source]# service sshd restart
Stopping sshd: [ OK ]
Starting sshd: [ OK ]
[root@cm01dbm01 source]#
When complete, you can proceed to install additional Oracle RDBMS software binaries under each of these new
operating system accounts.
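To confirm the DenyUsers step on every compute node, the check below (an added example, not part of the original recipe) lists the owner accounts that an sshd_config file does not block unconditionally. The function name missing_denyusers and the sample configuration are constructed for illustration; everything after the first Match keyword is treated as conditional.

```shell
#!/bin/bash
# Added example (not from the original text): list the accounts that are NOT
# unconditionally blocked by DenyUsers in an sshd_config file.
# Usage: missing_denyusers <sshd_config path> <account>...
missing_denyusers() {
    local config=$1
    shift
    awk -v wanted="$*" '
        BEGIN { n = split(wanted, want, " ") }
        $1 ~ /^#/ { next }                        # comment line
        tolower($1) == "match" { in_match = 1 }   # treat the rest as conditional
        !in_match && tolower($1) == "denyusers" { # keyword is case-insensitive
            for (i = 2; i <= NF; i++) denied[$i] = 1
        }
        END {
            # Exact names only: "ora*" or "user@host" entries are not counted,
            # so the report errs on the side of flagging an account.
            for (i = 1; i <= n; i++)
                if (!(want[i] in denied)) print want[i]
        }
    ' "$config"
}

# Constructed sample: oradev is denied only inside a Match block and
# oratest only in a commented-out line, so both are reported.
sample=$(mktemp)
cat > "$sample" <<'EOF'
PermitRootLogin yes
#DenyUsers oratest
denyusers oraprod
Match Address 10.0.0.0/8
    DenyUsers oradev
EOF

missing_denyusers "$sample" oraprod oratest oradev
rm -f "$sample"
```

Empty output means every listed account is covered. Running sshd -t before the restart also catches syntax errors in the edited file.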
How It Works
Operating system user and group administration on Exadata is no different than administering users and groups on
a non-Exadata Linux environment, but as many organizations consolidate different types of databases on a single
Exadata Database Machine, it is important to understand how to customize your standard security deployment
to meet your business requirements. Even if you do not wish to create different OS accounts and users or install
additional Oracle Homes, it is common to prevent SSH access from the oracle operating system account; the last
several steps in the solution of this recipe can be applied to the oracle OS account as well.
When you install a default, role-separated authentication strategy on Exadata, you will typically use the grid
operating system account for Grid Infrastructure and the oracle account for your RDBMS software. The standard
operating system groups typically used are oinstall, dba, asmadmin, asmdba, and asmoper for your oracle and
grid software owners, each of which serves a distinct purpose as outlined in your Exadata Owner's Guide. The
steps in this recipe extend your base installation and create additional operating system groups and user accounts
to provide a compute grid capable of segregating authentication and responsibility for different Oracle software
installations and databases.
If you follow the steps in this recipe, the natural next course of action would be to install different Oracle
RDBMS Homes on your Exadata Compute Nodes and use the newly created users and groups to install your
software. Recipe 12-2 discusses installing additional Oracle RDBMS Homes on Exadata.
 