• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer navigation

The Geek Diary

  • OS
    • Linux
    • CentOS/RHEL
    • Solaris
    • Oracle Linux
    • VCS
  • Interview Questions
  • Database
    • oracle
    • oracle 12c
    • ASM
    • mysql
    • MariaDB
  • DevOps
    • Docker
    • Shell Scripting
  • Big Data
    • Hadoop
    • Cloudera
    • Hortonworks HDP

Oracle Software Group Accounts OSDBA, OSOPER, Oracle Inventory group

by admin

The Oracle software installation requires a Linux user to be a designated Oracle software owner. The Oracle software owner runs the OUI (Oracle Universal Installer) to install Oracle Database and has full privileges to install, uninstall, and patch the Oracle software. The OUI cannot be run as the root user. The name of the Oracle software owner is commonly oracle, but you can use a different name.

The Oracle software installation also requires a low-privileged OS user to be the owner of the httpd process. This is usually provided by the nobody user.

Database operations require a few more users. A user who is a member of the OSOPER group can start, stop, back up, and recover the database. A user who is a member of the OSDBA group can create, drop database, and create other DBA privileged users, in addition to the privileges of the OSOPER.

Ordinary database users can have OS accounts on the database server, but it is not necessary. It is common for database users to connect to the database through a client or application server without any OS account. OS user accounts might be required by the database application for batch jobs or specialized external processes. The Oracle default installation does not require any ordinary database user to have OS accounts.

With Oracle Grid Infrastructure & ASM there is a user called grid and three groups: asmadmin, asmdba, and asmoper. The owner of the Grid Infrastructure is commonly the “grid” user.

The Oracle Database Installation Guide names three group identifiers:

  • OSDBA (dba): Identifies OS accounts that have database administration privileges (SYSDBA)
  • OSOPER (oper): Identifies OS accounts that have limited database administration privileges (SYSOPER)
  • Oracle Inventory group (oinstall): Identifies the owner of the Oracle software

An OSDBA group is the only group that must be created to manage the database files. By default, this group is dba, but can have a different group name. SYSDBA is a high-level administrative privilege much like that of the root user on Linux. The members of the OSDBA group own the database files and have the privilege to connect to the database without a password, using AS SYSDBA through OS authentication.

The OSOPER group members connect to the database using the AS SYSOPER mechanism. This group has a restricted set of privileges. Each database can have its own OSDBA and OSOPER groups.

During installation, one inventory is created per system and all Oracle software installed on a server is registered in this inventory. The inventory group name is oinstall, and the Oracle software owner (oracle) is a member of this group. This user is also a member of the OSDBA and OSOPER groups.

Oracle Database 12c introduces new operating system groups:

  • SYSBACKUP: Facilitates Oracle Recovery Manager (RMAN) backup and recovery operations either from RMAN or SQL*Plus.
  • SYSDG: Facilitates Data Guard operations. The user can perform operations either with Data Guard Broker or with the DGMGRL command-line interface.
  • SYSKM: Facilitates Transparent Data Encryption keystore operations.

Each of these accounts provides a designated user for the new administrative privilege with the same name.

Filed Under: Linux, oracle

Some more articles you might also be interested in …

  1. Setting up an NFS server with Turnkey Linux
  2. How to disable or enable an HBA without reboot under CentOS/RHEL
  3. groupmems Command Examples in Linux
  4. How to Change the Network Bonding Mode in CentOS/RHEL 6
  5. rsyslogd Command Examples in Linux
  6. “error: Bind to port 2222 on 0.0.0.0 failed: Permission denied” – error while starting sshd service on CentOS/RHEL
  7. getfacl Command Examples in Linux
  8. How to restrict ssh logins by user and client address on CentOS/RHEL
  9. How To Check World Wide Port Names (WWPN) of Tape Drives Attached to Linux host
  10. OpenLDAP Server and Client Utilities list

You May Also Like

Primary Sidebar

Recent Posts

  • What are /dev/zero and /dev/null files in Linux
  • grpck command – Remove corrupt or duplicate entries in the /etc/group and /etc/gshadow files.
  • xxd command – Expressed in hexadecimal form
  • sesearch: command not found

© 2022 · The Geek Diary

  • Archives
  • Contact Us
  • Copyright