Oracle unix DBA group
1.1) DBA Group
~~~~~~~~~~~~~~
The ‘DBA’ group is chosen at installation time and is usually the group
‘dba’ by default.
The DBA group is compiled into the ‘oracle’ executable and so it the same
for all databases running from a given ORACLE_HOME directory. The actual
group being used as this DBA group can be checked thus:
cd $ORACLE_HOME/rdbms/lib cat config.[cs]
The line ‘#define SS_DBA_GRP “group”‘ should name the chosen DBA group.
If you wish to change the DBA group change the group name shown in this
file.
Eg: Change: #define SS_DBA_GRP “dba”
to: #define SS_DBA_GRP “mygroup”
To effect any changes to the DBA group and to be sure you are using the
group defined in this file relink the Oracle executable as below. Be sure to
shutdown all databases before relinking:
rm config.o
make -f ins_rdbms.mk config.o ioracle
(Note the above instructions may vary depending on your platform / release)
For a DBA group to be accepted by Oracle it must:
– Be compiled into the Oracle executable
– The group name must exist in /etc/group (or in ‘ypcat group’ if
NIS is being used)
– It CANNOT be the group called ‘daemon’
1.2) Considerations for the ‘dba’ group and user ‘root’
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
On Unix systems a user may be a member of more than one group and should be
allowed to connect as a privileged user without a password provided:
– One of the groups of which they are a member is the DBA group
as defined in config.c (config.s on some platforms) and as linked
into the ‘oracle’ executable.
– The DBA group is a valid group as defined in /etc/group (Or as
defined in NIS by ‘ypcat group’)
– The users PRIMARY group (Ie: the one shown by the ‘id’ command)
is not the special group ‘daemon’.
It is quite common for the ‘root’ user to be required to have administrative
privileges in oracle also. Unfortunately it is also common for the root users
primary group to be the group ‘daemon’ which precludes it from being
allowed to connect as sysdba. There are two ways to tackle this problem: