Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Re: oracle and his primary group : oinstall or dba

Re: oracle and his primary group : oinstall or dba

From: John L <jl_at_lammtarra.fslife.co.uk>
Date: Fri, 8 Nov 2002 13:44:23 -0000
Message-ID: <aqgevb$b34$1@news6.svr.pol.co.uk>

"Fleury Marcel" <marcel.fleury_at_bluewin.ch> wrote in message news:f18358b2.0211070614.65f6b3c8_at_posting.google.com...
> "John L" <jl_at_lammtarra.fslife.co.uk> wrote in message news:<aqcbk7$qbd$1_at_news8.svr.pol.co.uk>...
> > "Fleury Marcel" <marcel.fleury_at_bluewin.ch> wrote in message news:f18358b2.0211060702.6c96f971_at_posting.google.com...
> > > Hello,
> > > Oracle recommands to have oinstall as primary group for oracle account.
> > > Why not using dba as primary group ?
> > > What are the benefit to use oinstall instead of dba ?
> > >
> >
> > The oracle user is in the oinstall group, and
> > the other users with dba privileges are not,
> > they are in the dba group. The oracle (oinstall)
> > user is the owner of all the oracle files.
> >
> > In many companies, the sys admin will install
> > the software (as oracle in the oinstall group)
> > and the DBAs (in the dba group) use it.
> >
> > It also means that the DBAs cannot accidentally
> > remove oracle files.
> >
> > One way of undoing this "separation of powers" is
> > for oracle to also be in the dba group and to be
> > used by DBAs.
> >
> > John.
>
> Thank you with all of you for your answers
>
> So if we decide to separate the installation and DBA roles, the config
> files in $ORACLE_HOME/network/admin, for example, are only accessible
> in write by oraowner.
>
> But the management of this files are generaly the responsability of
> the DBA's and not of the sys admin.
>
> What do you mean ?
>
> -rw-r--r-- 1 oraowner oinstall 17253 Jan 31 09:23
> tnsnames.ora
>

Yes. There are anomalies. There will always be anomalies. Maybe tnsnames.ora should be owned by the network admin rather than the sys admin or the DBA. Who knows? How often will you change tnsnames.ora?

Even the notion of good practice varies with time, as well as with situation. (It is similar with OFA.)

Maybe your DBA wants a bigger SGA. Or more frequent backups. All these things have to be decided in conjunction with the sys admin. And possibly management, external customers, developers, end users and so on.

In practice, many sites just have everyone in the dba group.

If you read the Installation Guide (and Getting Started), the issues are explained. Then you can make an informed decision as to what is best for *your* situation.

(You might also want to look at Johnathan Lewis's thoughts on the OSOPER role: http://www.jlcomp.demon.co.uk/osoper.html )

John. Received on Fri Nov 08 2002 - 07:44:23 CST

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US