Re: Permissions question
- From: Dan Norris <dannorris@xxxxxxxxxxxxx>
- To: JSweetser@xxxxxxxx, oracle-l@xxxxxxxxxxxxx
- Date: Mon, 14 Jan 2008 09:11:54 -0800 (PST)
I presume you want the dba group to be the OSDBA group as part of this change.
If that's the case, check ML 1012572.6--it's old, but it should still apply.
Changing the OS group membership and ownership doesn't change the OSDBA group
which is linked in to the oracle binary. The note will tell you how to change
the group.
Also note that doing a "chgrp -R dba" will likely remove some of the SGID bits
(possibly the SUID bits too) on many of the binaries. So, I'd probably do this:
1. Shutdown everything
2. do: "cd $ORACLE_HOME ; ls -lR > /tmp/oh-files-and-privs.txt ; cd
$ORACLE_HOME/bin ; ls -l > /tmp/oh-bin-files-and-privs.txt"
3. Make the unix changes to put oracle in the dba group. Logout, then login
again just for good measure.
4. to change the group, I'd do this: find $ORACLE_HOME -group <oldgroupname> |
xargs chgrp dba
5. follow the ML note 1012572.6
6. Compare /tmp/oh-bin-files-and-privs.txt with "ls -l $ORACLE_HOME/bin"
especially looking at the s and S bits from the original and making sure
they're still the same.
7. Start it all up again.
8. Make sure that any logfiles that are written to outside of OH are still
writable. They probably are as the "oracle" UID probably owns them, but just in
case.
Good luck!
Dan
----- Original Message ----
From: "Sweetser, Joe" <JSweetser@xxxxxxxx>
To: oracle-l@xxxxxxxxxxxxx
Sent: Monday, January 14, 2008 10:14:05 AM
Subject: Permissions question
New server. RH 5. 10gR2.
Oracle account was set up a default group of oracle (not dba, though
the
dba group does exist). Foolhardy DBA (moi) did not check the group
before installing the s/w and creating the database. I would like to
"correct" this as quickly as possible and wonder what anyone thinks
about the following idea:
1. Shutdown everything
2. Get the default group changed to dba in /etc/passwd. I know I can
change the group when I am logged in, but want to make it "clean" for
everyone going forward.
3. Do a chgrp -R dba on ALL oracle-related files including ORACLE_HOME
and all the datafiles
4. Restart
Thanks,
-joe
Confidentiality Note: This message contains information that may be
confidential and/or privileged. If you are not the intended recipient, you
should not use, copy, disclose, distribute or take any action based on
this message. If you have received this message in error, please
advise the sender immediately by reply email and delete this message.
Although ICAT Managers, LLC scans e-mail and attachments for viruses, it does
not guarantee that either are virus-free and accepts no liability for
any damage sustained as a result of viruses. Thank you.
--
//www.freelists.org/webpage/oracle-l
Other related posts:
