Re: Permissions question

From: Dan Norris <>
Date: Mon, 14 Jan 2008 09:11:54 -0800 (PST)
Message-ID: <>

I presume you want the dba group to be the OSDBA group as part of this change. If that's the case, check ML 1012572.6--it's old, but it should still apply. Changing the OS group membership and ownership doesn't change the OSDBA group which is linked in to the oracle binary. The note will tell you how to change the group.

Also note that doing a "chgrp -R dba" will likely remove some of the SGID bits (possibly the SUID bits too) on many of the binaries. So, I'd probably do this:

  1. Shutdown everything
  2. do: "cd $ORACLE_HOME ; ls -lR > /tmp/oh-files-and-privs.txt ; cd $ORACLE_HOME/bin ; ls -l > /tmp/oh-bin-files-and-privs.txt"
  3. Make the unix changes to put oracle in the dba group. Logout, then login again just for good measure.
  4. to change the group, I'd do this: find $ORACLE_HOME -group <oldgroupname> | xargs chgrp dba
  5. follow the ML note 1012572.6
  6. Compare /tmp/oh-bin-files-and-privs.txt with "ls -l $ORACLE_HOME/bin" especially looking at the s and S bits from the original and making sure they're still the same.
  7. Start it all up again.
  8. Make sure that any logfiles that are written to outside of OH are still writable. They probably are as the "oracle" UID probably owns them, but just in case.

Good luck!

  • Original Message ---- From: "Sweetser, Joe" <> To: Sent: Monday, January 14, 2008 10:14:05 AM Subject: Permissions question

New server. RH 5. 10gR2.

Oracle account was set up a default group of oracle (not dba, though  the
dba group does exist). Foolhardy DBA (moi) did not check the group before installing the s/w and creating the database. I would like to "correct" this as quickly as possible and wonder what anyone thinks about the following idea:

  1. Shutdown everything
  2. Get the default group changed to dba in /etc/passwd. I know I can change the group when I am logged in, but want to make it "clean" for everyone going forward.
  3. Do a chgrp -R dba on ALL oracle-related files including ORACLE_HOME and all the datafiles
  4. Restart


Confidentiality Note: This message contains information that may be  confidential and/or privileged. If you are not the intended recipient, you  should not use, copy, disclose, distribute or take any action based on  this message. If you have received this message in error, please  advise the sender immediately by reply email and delete this message.  Although ICAT Managers, LLC scans e-mail and attachments for viruses, it does  not guarantee that either are virus-free and accepts no liability for  any damage sustained as a result of viruses. Thank you.


-- Received on Mon Jan 14 2008 - 11:11:54 CST

Original text of this message