Re: Changing Oracle gid and uid?
- From: Mark Bole <makbo@xxxxxxxxxxx>
- Date: Wed, 05 Oct 2005 16:55:17 -0700
David Sharples wrote:
> you would also have to reset the setuid permission on the oracle
> executable as it would be lost with a chown
Not so. chmod changes file permissions, not chown.
Marquez, Chris wrote:
> So when I use the nfs from servers dbA and dbB they see the files as
> owned by oracle, but from server dbC the files are owned by another
> user (the user with that uid in the local passwd / group file).
> And the opposite happens when pushing a file from dbC, when dbA and
> dbB look at it.
> What is my work-around?
> The SA came up with the idea of changing Oracle's gid and uid on dbC.
>
> I have been in this situation before, when someone broke oracle by
> changing the oracle gid and uid, but I just changed it back to what
> it was.
The SA's idea is correct. If someone else "broke oracle" it was by
doing an incomplete job.
I have performed this same task under both Oracle 7 and Oracle 9, no
relinking is required. In Unix, the file system only contains numeric
UID and GID values, they only get converted to a name via lookup in
/etc/passwd and /etc/group. (system calls getpwnam(), getpwuid(),
getgrnam(), and getgrgid() perform this task).
Oracle software does not know or care anything about the numeric
UID/GID, only the names. So the change is pretty easy, just like
changing the description for a unique ID in a lookup table in the database.
Here is a sample scenario. Assumes new UID and GID are not already in
use, of course.
users:
oracle change 101 => 103
groups:
dba change 101 => 21
First, run pwck and grpck commands to clean up any problems with the
respective files. Optional, but recommended (you'd be surprised what
you might find).
# get "before" list of files to be changed for logging purposes
find / -user oracle -exec ls -ld {} \; > /tmp/ora_owned_files.lst
# find files which don't have DBA group, if any (shouldn't be any)
find / -user oracle \! -group dba -exec ls -ld {} \; >> \
  /tmp/ora_owned_files.lst

Shut down all oracle software (confirm with "ps -fu oracle" command).

# make the change
# (-h changes a symbolic link itself rather than the file it points to)
find / -user oracle -exec chown -h 103:21 {} \;
# make backups using RCS or your favorite method
cd /etc
ci -l passwd
ci -l group
# change lookups
vipw            # change oracle UID to 103, GID to 21
vi /etc/group   # change dba GID to 21
# re-run listing to check for consistency
# check output to see what's changed...should be the same as "before"
# listing
find / -user oracle -exec ls -ld {} \; > /tmp/ora_owned_files.lst.new
find / -user oracle \! -group dba -exec ls -ld {} \; >> \
  /tmp/ora_owned_files.lst.new &
It might be a little slow, you can experiment with the recursive option
of chown instead of using find. Or, instead of -exec option of 'find',
pipe output to xargs command. Just be sure you handle symbolic links
correctly. (Your SA should understand all of this, in case you don't).
--
Mark Bole
http://www.bincomputing.com
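
An added example, not part of the original post: one way to run the before/after consistency check on numeric owner, group and permission bits instead of `ls` listings, so that a changed setuid/setgid bit (the question raised at the top of the thread), a file left on the old IDs, or a symbolic link handled differently from its target shows up as a line of output. The function names and the sample paths are hypothetical, and it assumes a `stat` that accepts `-c` (GNU coreutils or busybox).

```sh
#!/bin/sh
# Added example, not from the original post; function names are hypothetical.
# Assumes a stat(1) that accepts -c (GNU coreutils or busybox).

# snapshot DIR NUMERIC_UID
# Prints "<octal mode> <uid> <gid> <path>" for each file owned by that UID.
# stat does not follow symbolic links, so a link is listed as itself.
# -xdev keeps find on one filesystem (NFS mounts are not descended into).
snapshot() {
    find "$1" -xdev -user "$2" -exec stat -c '%a %u %g %n' {} + | sort -k4
}

# verify_change BEFORE AFTER OLD_UID NEW_UID OLD_GID NEW_GID
# Prints one line per problem and nothing when every file kept its mode
# and now carries the new IDs.
verify_change() {
    awk -v ou="$3" -v nu="$4" -v og="$5" -v ng="$6" '
        { path = $0; sub(/^[^ ]+ [^ ]+ [^ ]+ /, "", path) }
        FILENAME == ARGV[1] {
            mode[path] = $1
            uid[path] = ($2 == ou) ? nu : $2    # expected owner afterwards
            gid[path] = ($3 == og) ? ng : $3    # expected group afterwards
            next
        }
        !(path in mode) { next }                # not in the "before" list
        {
            seen[path] = 1
            if ($1 != mode[path]) print "MODE " path " " mode[path] " -> " $1
            if ($2 != uid[path] || $3 != gid[path])
                print "OWNER " path " is " $2 ":" $3 ", expected " uid[path] ":" gid[path]
        }
        END { for (p in mode) if (!(p in seen)) print "MISSING " p }
    ' "$1" "$2"
}

# Constructed sample data using the IDs from the scenario above: one binary
# whose setuid/setgid bits differ afterwards, one file left on the old IDs.
demo() {
    b=$(mktemp) a=$(mktemp)
    printf '%s\n' '6751 101 101 /u01/bin/oracle' '644 101 101 /u01/init.ora' \
                  '640 101 101 /u01/left.log' > "$b"
    printf '%s\n' '751 103 21 /u01/bin/oracle' '644 103 21 /u01/init.ora' > "$a"
    verify_change "$b" "$a" 101 103 101 21
    rm -f "$b" "$a"
}
```

On a real host, take `snapshot / 101` before the chown and `snapshot / 103` after it, once per local filesystem, and pass the two files to `verify_change`.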