| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
 |
 | |||
| Oracle FAQ | Your Portal to the Oracle Knowledge Grid | |
|
| |||
Home -> Community -> Usenet -> c.d.o.server -> Re: Oracle 8i - Create database by non product owner (e.g. oracle)
I've checked on one of our systems, although the situation is somewhat
different there.
Oracle software is installed twice: one set by Unix account oraprod, other
set by oradev.
Both have dba group as primary group. Both can stop/start databases of both
oradev and oraprod when he has set the proper $ORACLE_HOME etc..
I expect the database files are created owned by the Unix account that did
create db with security - rw- r--- ---.
So when you create a second account with primary group dba you could make
sure files could not be deleted.
But both Unix account could stop, start and connect internal without
password to all databases running, regardless the Unix account that created
or started it. This is by design: both are member of the dba group and
that's exactly what the membership of the group is for: to give you that
privilege.
So no added security here.
To make really separated environments, install software in 2 Unix accounts. Make 2 dba groups. Only one account modify oratab then, the other should have read access via "others".
About the failure: ORA-01501 must be followed by the real errors. Otherwise check the alert.log file if it is created already.
Frankie Li <earthy_at_hkicable.com> schreef in berichtnieuws
e3b3b67b.0206180034.5a7bdb8f_at_posting.google.com...
| "Anton Buijs" <aammbuijs_at_xs4all.nl> wrote in message
news:<aeleo8$dhm$1_at_news1.xs4all.nl>...
| > Assuming "dba" is the group used as the DBA group when the software was
| > installed and/or linked:
| > make sure dba is the primary group for user oratest.
| > Group "oinstall" is only required when you want to run the OUI but I
would
| > recomment to use oracle account only for this.
| >
| > If this is not the cause, you really must provide more details about the
| > errors.
| >
| > Frankie Li <earthy_at_hkicable.com> schreef in berichtnieuws
| > e3b3b67b.0206170209.2f92e1b3_at_posting.google.com...
| > | Hello,
| > |
| > | I am trying to create a database in AIX which is owned by user account
| > | other than "oracle".
| > |
| > | I create a new user named "oratest" and add "oinstall" and "dba" group
| > | to this user. Then I logon this user and run dbassist.
| > |
| > | When Oracle try to create the database, it prompts some errors liked
| > | "Cannot create database...".
| > |
| > | In fact, I would like to know if any experts here have experience
| > | (about creating database owned by other users) can be shared?
| > |
| > | Is Oracle formally support this? Or it requires user create all
| > | database through 'oracle'?
| > |
| > | Thanks in advance.
| > |
| > |
| > | Earthy
|
| Thank you so much for your advice.
|
| I just tried again giving oratest the DBA group as primary group and
| grant all necessary file permission to Oracel Home.
|
| Using dbassist, I try to create the database using oratest. However,
| during "Create databases" phase, an error "ORA-01501: CREATE DATABASE
| failed" is prompted. Anyone can advise what it means? I have refered
| to the Oracle help, but it doesn't help much.
|
| Earthy
Received on Tue Jun 18 2002 - 14:58:45 CDT
 |
 |