sysoper/dba ?

Hey;

Another posting in my ongoing effort to clarify the things that are still mystifying me about Oracle.

I'm pretty sure I have the procedures for granting sysoper/sysdba privileges to certain accounts. I'm working with Oracle 8i (8.1.5) on Redhat Linux, so my assumptions are geared towards that environment.

I'm hoping to verify/rectify my assumptions:

1. Under UNIX, in order to be able to switch on sysoper/sysdba roles, the user in question must be in the dba group or have the role assigned to him via the connect sys/${pwd} as sysdba route.
2. This role is not enabled by default but must be switched on via the connect as ${user}/${pwd} as sysdba|sysoper.
3. Presupposing the operating system doesn't support a group type functionality, Oracle supplies a utility, orapwd that will password protect sys and connect internal. Once protected, the dba can then grant the sysoper/sysdba roles as ref'ed above.

So, how close are those assumptions? Any info greatly appreciated.

One further question. As the UNIX admin, I've long known that I can start up/shut down Oracle databases by the following route:

# su - oracle
# svrmgrl << eof

connect internal
shutdown immediate
exit
eof

To date, I haven't supported an environment where I could not do that. Can I use the orapwd utility to password protect that? I'm thinking that I can; however, I'm also betting that's going to mess up the automated oracle startup because it'll be asking for a password. I would think it could be put in the startup script, but root has access to those, so putting it in there kind of circumvents the reason for pwd protecting internal.

Any info on that as well would be greatly appreciated.

Thanks for your time.

Doug O'Leary

-- 
-------------------
Douglas K. O'Leary
Senior System Admin
dkoleary_at_mediaone.net