Mark D Powell wrote:
> fitzjarrell_at_cox.net wrote:
>> Comments embedded.
>> idiotprogrammer wrote:
>>> Hi, I'm upgrading a 9i Oracle installation and running a patch on RHE
>>> 3. I'm having a permission problem. User bob ran the original install
>>> script.
>> Why? The installation should have been done as 'oracle'.
>>
>>> However, when user bob ran the upgrade patch with the Universal
>>> Installer (name: Oracle9i, path /data/oracle9i/OraHome1), it says you
>>> don't have the right to create dir OraHome1. I've verified that
>>> /data/oracle9i/OraHome1 exists; however, it isn't owned by bob; it is
>>> owned by user "oracle".
>> Correct. As it should be. 'bob' should have had nothing to do with
>> this software installation or upgrade.
>>
>>> So how do you solve that problem? Do I delete
>>> the OraHome1 directory and let the install/upgrade wizard create one?
>> At that point you'd be removing the existing installation and affecting
>> any and all databases you've created. The true solution to this is you
>> should never have had 'bob' associated with any of the Oracle software
>> installation and used the 'oracle' user, as originally intended and
>> specified in the installation notes.
>>
>>> Or do I "su - oracle" . The thing is that I don't recall ever creating
>>> a user "oracle." Opinons?
>> The fact is 'bob' should not be owner of any of the Oracle software,
>> period. 'oracle' should. And the SA made certain that 'oracle' owns
>> the $ORACLE_HOME root directory (and should own any subdirectories
>> under it). Read the installation notes and pre-installation checklist
>> again and you'll find Oracle specifies that 'oracle' (or an account
>> created *specifically* as the administrative account for the Oracle
>> installation) should be the O/S user installing the software (that is
>> unless you intend to make 'bob' the Oracle software owner, which means
>> you must take away his access to the account and create another for his
>> daily use. It also means you'll need to change ownership of these
>> directories to 'bob'. And assign that account the 'dba' group as
>> primary. And monitor the use of the 'bob' account to prevent
>> unauthorised access. And ensure all file permissions are set properly
>> on the Oracle executables.)
>>
>> Hopefully this is not a critical installation (somehow I feel it is
>> not). It may be better if you simply wipe the Oracle slate clean and
>> start again, this time with the proper O/S user account.
>>
>>
>>>
>>> Robert Nagle
>>> idiotprogrammer
>>> Houston, Texas
>>
>> David Fitzjarrell
>
> Actually, I believe that Oracle is very flexible and will install and
> work correctly under any owner name you want to use providing you set
> the recommended ulimits for the chosen ID. Any patches and upgrades
> would also need to be ran as this ID. At least it would under version
> 7. Using the name Oracle as the owner is just what most sites do.
>
> HTH -- Mark D Powell --
My "best practice" is to never install Oracle under a schema named
"oracle" nor to create groups named oinstall or dba. As long as you
are consistent in your management practices I am not aware of any
issues ever generated by stepping away from the defaults.
--
Daniel Morgan
University of Washington
Puget Sound Oracle Users Group
Received on Sat Sep 16 2006 - 21:28:50 CDT
