Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.server -> Re: 10g installation : oinstall and dba separation

Re: 10g installation : oinstall and dba separation

From: Frank van Bortel <frank.van.bortel_at_gmail.com>
Date: Sat, 11 Jun 2005 11:31:36 +0200
Message-ID: <d8eao5$d10$1@news6.zwoll1.ov.home.nl> 





kona_iron_at_yahoo.fr wrote:


> Hello,

> I would like to separate the people in charge of the Oracle

> installation from the people in charge of the Database installation.

> Typicaly, separate the job of a Unix administrator and a DBA.

> I oft read in the documentation the user oracle as the user of the

> installation.

> But why should it be have "dba" as secondary group ?

> In this case we can not assure the separation. Is it right ?

> So can the user in charge of the installation only only member of the

> oinstall group ?

> And the dba's only member of the dba group ?

> And how about directories and files permissions on the Oracle

> Installation ?

> 

> Thank you

> 




Unix admins could/should be member of oinstall; DBA's of the dba
group, maybe of the oinstall group.



The oinstall group has ownership of the software:
[oracle10_at_csdb01 oracle10]$ ll /o/oracle10/10gR1/
total 260

drwxr-xr-x    5 oracle10 oinstall10     4096 May 23 13:18 assistants
drwxr-xr-x    2 oracle10 oinstall10     8192 Jun  5 13:21 bin
drwxr-xr-x    3 oracle10 oinstall10     4096 May 23 13:18 cdata
drwxr-xr-x    2 oracle10 oinstall10     4096 May 23 14:26 cfgtoollogs


.


. [snipped]


Members of the DBA group can logon to oracle to start and stop
the instance:


[oracle10_at_csdb01 oracle10]$ su - kona


su: user kona does not exist


[root_at_csdb01 root]# useradd -g dba10 kona
[root_at_csdb01 root]# passwd kona


Changing password for user kona.


New password:


Retype new password:


passwd: all authentication tokens updated successfully.
[oracle10_at_csdb01 oracle10]$ su kona


Password:


[kona_at_csdb01 oracle10]$ sqlplus "/ as sysdba"



SQL*Plus: Release 10.1.0.4.0 - Production on Sat Jun 11 11:23:02 2005



Copyright (c) 1982, 2005, Oracle.  All rights reserved.




Connected to:


Oracle Database 10g Enterprise Edition Release 10.1.0.4.0 - Production
With the Partitioning, OLAP and Data Mining options



Now, for the same excercise, but user kona is just a
member of oinstall10:

[root_at_csdb01 root]# userdel -r kona
[root_at_csdb01 root]# useradd -g oinstall10 kona
[root_at_csdb01 root]# passwd kona




Changing password for user kona.


New password:


Retype new password:


passwd: all authentication tokens updated successfully.
[oracle10_at_csdb01 oracle10]$ su kona


Password:


[kona_at_csdb01 oracle10]$ sqlplus "/ as sysdba"



SQL*Plus: Release 10.1.0.4.0 - Production on Sat Jun 11 11:25:02 2005



Copyright (c) 1982, 2005, Oracle.  All rights reserved.



ERROR:



ORA-01031: insufficient privileges

-- 
Regards,
Frank van Bortel


Received on Sat Jun 11 2005 - 04:31:36 CDT












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US