Grid user in dba group ?

Similar Messages

• Add grid user to dba group

  Hello,
  After RAC installation, We are facing some cluster issues. After investigation, Oracle support suggested to add the grid user to the dba group. We missed to add the grid user to the dba user in most of the nodes. This is Linux Redhat 5.
  How can I add grid user to dba group and keep the grid user belonging to the other linux groups? what 's the correct command?
  Thanks,
  Diego

  Hi,
  As root:
  #### check before
  id  grid
  #### Change It
  usermod -a -G dba grid
  #### Check after
  id gridLevi Pereira

• Kerberos auth in Oracle, sys user and dba group

  Hello.
  I've set up kerbros auth in test oracle 10g r2 database on 64-bit linux according to Oracle® Database Advanced Security Administrator's Guide. I have the following issue: kerberos user can login to the test server (from this server) and normal database user can login to database server from other hosts. However, oracle system user, members of dba group and normal users can't longer login to this server from it. So, when oracle system user runs sqlplus "/as sysdba" , he gets ORA-12638: Credential retrieval failed.
  sqlnet.ora looks the following way:
  SQLNET.KERBEROS5_CC_NAME = /tmp/krb5cc
  SQLNET.KERBEROS5_CONF_MIT=TRUE
  SQLNET.AUTHENTICATION_SERVICES= (KERBEROS5)
  NAMES.DIRECTORY_PATH= (TNSNAMES, EZCONNECT)
  SQLNET.KERBEROS5_CONF = /etc/krb5.conf
  SQLNET.KERBEROS5_REALMS = /etc/krb5.realms
  SQLNET.AUTHENTICATION_KERBEROS5_SERVICE = oracle
  What should I do to enable login to this server for members of dba group and normal users from the database server?

  I've tried to set SQLNET.AUTHENTICATION_SERVICES to (BEQ,KERBEROS5), it works almost as expected, but I have strange effect: my os user is not in dba group, but can connect "/as sysdba"...
  $ id -nG
  domusers oinstall
  $ sqlplus "/as sysdba"
  SQL*Plus: Release 10.2.0.1.0 - Production on Tue Mar 3 13:20:55 2009
  Copyright (c) 1982, 2005, Oracle. All rights reserved.
  Connected to:
  Oracle Database 10g Enterprise Edition Release 10.2.0.1.0 - 64bit Production
  With the Partitioning, OLAP and Data Mining options
  SQL>

• Multiple instances in Windows 7. & Adding Administrator in DBA group

  i have installed two databases Using DBCA in win7,
  & den used set oracle_sid= <old instance name>
  then when i said  sqlplus / as sysdba
  The new instance is starting.. then i tried sqlplus  sys/sys  as sysdba previous instance password.. it's asking for user name & password.. ??? which i did give & its promting error..
  how to deal with multiple instances in windows 7??
  & i created a user using net user administrator /active:no ... now i cudn't get to add this user to DBA group?? As while editing tnsnames.ora & etc.. it's saying access denied so created admin user.. now cudn't login to dba user using administrtor profile.. how to add this in dba group ??

  Aduke wrote:
  i have installed two databases Using DBCA in win7,
  & den used set oracle_sid= <old instance name>
  Did you create both databases from the same ORACLE_HOME, or did you actually install oracle twice, into separate ORACLE_HOMEs and create your two databases from those separate homes?
  then when i said  sqlplus / as sysdba
  The new instance is starting.. then i tried sqlplus  sys/sys  as sysdba previous instance password.. it's asking for user name & password.. ??? which i did give & its promting error..
  how to deal with multiple instances in windows 7??
  & i created a user using net user administrator /active:no ... now i cudn't get to add this user to DBA group?? As while editing tnsnames.ora & etc.. it's saying access denied so created admin user.. now cudn't login to dba user using administrtor profile.. how to add this in dba group ??
  Control panel
  Computer Management
  Local Users and Groups
  Users  (select your Oracle user)
  Properties
  Member Of
  select orcl_dba
  But then, this IS Windows, who knows if your cascade of applets and options is the same as mine?   To paraphrase Forest Gump, "My momma always said Windows was like a box of chocolates.  You never know what you're going to get."

• Dba group

  Hi expert,
  i need your support to give me the soluation of this
  i have oracle 10g on unix 5.10
  i have user in unix now i need to add this user in in dba group
  i dont know how to add user in dba group & how to add profile
  cuz i need my unix user able to do sqlplus now my user not able to enter to DB
  MANY THANKS

  now can you tell me how to copy file from user to another user
  i need to copy local.profile from user oracle to my unix users
  many thanks

• 11gR2 problem for dba group user

  Hi Pavan Sir,
  After the 11gR2 Installation and connect to oracle as one of the dba group user(ex: tuser)
  1) when sqlplus / as sysdba --> startup nomount --> receiving the error ORA-48189 (The OS command to create directory failed) for the diagnostic_dest(ex: /disk1/oradata/test)location, but the specified directory is created and owned by the same dba group user(test).
  2) If suppose the "/disk1/oradata/test" directory permission are modified by 777, the dba group user(test) can connect to nomount stage, but the sub directories of diagnostic_dest automatically gets created (like /disk1/oradata/test/diag/rdbms then etc......) are being owned by oracle user and also if the db is created ,the control file,redolog file and datafiles are automatically getting owned by oracle user but not by the test user.
  Which was not the case till 10gR2.
  Plz. provide any body provide us with some solution to overcome the above experienced problem which is implemented in our Dev. box.
  Thanks in Advance.
  Best regards,
  Habeeb.

  Dear user,
  Even if the perm are changed by -R ,the files are automatically owned by oracle user, not by the test user.
  Have any body tried creating oracle database using dba group user in 11gR2, but the db files being created by test user should not be automatically owned by oracle user. If so , plz. forward me the steps.
  Thanx in advance.

• LINUX:while Deleting OLD backup's got error that ORACLE is not in DBA group

  Error
  Error - The specified host user is not a member of the operating system DBA group. The host user must be a DBA group member since the database user does not have the SYSDBA role.
  But. put users: system,oracle in OS /etc/group :
  oracle:x:500:oracle,system
  And both users have the DBA role

  To be able to OS authenticate login as sysdba, your OS user need to be in dba group which you choose when you do installation.
  SYSDBA role is not same as DBA role

• "change the DBA group" in a windows environment

  I would like to prevent OS-privileged users or connect as SYSDBA without giving password!
  (there would be no passwordfile)
  In a unix environment we can hide the name of dba-group changing config at /rdbms/lib
  and relink:
  Change: #define SS_DBA_GRP "dba" to: #define SS_DBA_GRP "mygroup"
  rm config.o                    
  make -f ins_rdbms.mk config.o ioracle
  ??? How can I do that in a WINDOWS environment ???

  lkahlenb wrote:
  sorry, thats an windows environment.
  I didnt found anything like a config for group name as in unix (there is no relinking at windows).
  If I use windows I can modify the config (another existing group), relink and recopy the default config.
  So a unix.admin with only basic oracle o´know-how is confused.
  I am looking for similar steps on windows...Someone with admin authority on the OS has ultimate authority. Even if you figure out a way to have Oracle use a group other than ora_dba, it won't take a rocket scientist of an SA to figure it out and put himself in the correct group. You need to turn on auditing and have some strong policies regarding DBAs and SAs staying in their lane.

• ORA-01031: insufficient privileges despite oracle belonging to DBA group

  DB Version : 10.2.0.4.0
  OS Version : Solaris 5.10
  Os user oracle already belongs to DBA group.
  $ id -a
  uid=1001(oracle) gid=1100(oinstall) groups=1100(oinstall),1800(dba)But, i get the following error
  $ sqlplus / as sysdba
  SQL*Plus: Release 10.2.0.4.0 - Production on Mon Nov 29 14:33:59 2010
  Copyright (c) 1982, 2007, Oracle.  All Rights Reserved.
  ERROR:
  ORA-01031: insufficient privileges
  Enter user-name: ^C
  $
  $
  $ sqlplus sys/password as sysdba
  SQL*Plus: Release 10.2.0.4.0 - Production on Mon Nov 29 09:34:13 2010
  Copyright (c) 1982, 2007, Oracle.  All Rights Reserved.
  Connected to:
  Oracle Database 10g Enterprise Edition Release 10.2.0.4.0 - Production
  With the Partitioning, Data Mining and Real Application Testing options
  SQL>Value of remote_login_passwordfile parameter
  SQL> show parameter password
  NAME                                 TYPE        VALUE
  remote_login_passwordfile            string      EXCLUSIVEWhat could possibly be the reason?

  Hi,
  Have you create the orapw file in the $ORACLE_HOME/dbs with orapwd ?
  example :
  orapwd file=${ORACLE_HOME}/dbs/orapw${ORACLE_SID} password=change_on_install entries=40
  Then the unix user oracle will be create in the orapw${ORACLE_SID} file
  after if you want to create another user :
  grant sysdba to TOTO; the unix user TOTO could do : connect / as sysdba
  Regards,
  Mario Alcaide
  http://marioalcaide.wordpress.com

• Listing of Users with associated Groups

  Is there an easy way to generate a listing of APEX users and their associated groups? I know how to get the current user and how to determine what groups they are part of, but am looking for a simple query I can run to generate a complete list of Users and their associated groups.
  Thanks

  if you want to return the application groups that a user is assigned to, you can use the WWV_FLOW_GROUP_USERS intersection table. For example;
  SELECT group_name
  FROM wwv_flow_group_users
  WHERE user_id = (SELECT user_id
  FROM wwv_flow_users
  WHERE user_name ='MRITTMAN')
  would list out all of the groups that the user 'MRITTMAN' belongs to
  So to get all users and their groups, remove the where clause..
  (You will need read rights to the view, some dba's deny read rights to these objects in the name of security..)
  Thank you,
  Tony Miller
  Webster, TX

• Changing the default DBA group

  Hi guys,
  For Oracle8i, 9i, and 10g, is it possible to change the DBA group once Oracle is installed? Let me give you an example:
  I got Oracle 10g, with the DBA group 'oinstall'. Is it possible that i create a new OS group called 'DBAtest' and use this as the default DBA group so OS users members of this group can os-authenticate to oracle?
  thanks,
  james

  Yes, on Unix platforms I think it is possible to change the OSDBA group (the group used to authenticate SYSDBA connection).
  Not sure if there are any consequences afterwards, if you did not separate the Oracle software owner OraInventory group, usually 'oinstall', from OSDBA/OPER groups. Could be a good idead to work that out before implementing any changes!

• How to deal with 2 dba groups

  Hi Friends,
  I want to install two (2) Oracle 10g DBs in my linux server. I want different dba groups for each so that the dba on one database will not be able to touch the other's database.
  In my first DB the owner is > oraprod and group> dba
  In my 2nd DB the owner is> oratest and group> dba2
  My quiestion is, can the user oratest/dba2 be able to connect "/ as sysdba" and starup/shutdown oracle? What is the special tag thats makes a certain owner/group be able to connect as "sysdba". I just felt it is a reserved word granted by default to "dba" by oracle.
  Thanks

  Suggestions: (with a little humor)
  1) switch to Solaris and you can use zones isolating the dbas
  2) create user accounts in your separate databases and grant sysdba or sysoper privileges accordingly -- this is actually the way Oracle intended this to be for these types of situations.
  3) fire one of your dbas and give a big raise to the other one.
  4) trust your dbas - doesn't everyone trust their dbas?

• DBA Group Initiatives

  I am not sure if I am in the right discussion board or not but here it goes. At our company they want each of the DBAs to lead various initiatives to improve the way we get things done on a day to day basis. They are always looking to us for new ideas to save money or standardize more or use the newest oracle technology. I thought it would be a good idea to start a thread to see what other DBA groups have done to improve their quality. It could be very simple things to not so simple. At our work we have done things like
  standardize the setup on all unix servers by using the same profiles and variables.
  create deployment scripts to create the Oracle Homes and New Database - sets up auditing and locks certain users automatically
  using BMC to monitor processes on servers
  created scripts to monito the alert logs
  I am looking for ideas from others. I was thinking of something with the 10g scheduler or consumer groups. If anyone has done something like this and would like to share let me know. Thanks
  Edited by: user579934 on Jan 27, 2009 5:14 AM

  user579934 wrote:
  I am not sure if I am in the right discussion board or not but here it goes.Nope. wrong place.
  >
  Forum: Community Feedback and Suggestions (Do Not Post Product-Related Questions Here)
  Use this forum for feedback about OTN programs, Web site content, and systems - product-related questions will be deleted.
  >
  This forum is for any issues or matters relating to the OTN site/forums themselves.
  You question sound a bit like it relates to DBA stuff, so perhaps the [Database General Forum|http://forums.oracle.com/forums/forum.jspa?forumID=61] would be a good place.

• Is it possible to Install Oracle Apps without having the user in a group db

  Can we Install oracle 11i with the user oracle:dba for db tier and user aapl:aapl for application tier.
  Is it possible to Install Oracle Apps without having the user in a group dba

  Can we Install oracle 11i with the user oracle:dba for db tier and user aapl:aapl for application tier.
  Is it possible to Install Oracle Apps without having the user in a group dbaI would say no, as the dba group is required to do the database administration tasks.
  What is the point of not using the dba group? Any specific reason?
  Thanks,
  Hussein

• Problemm with dba group vs oinstall group

  Hi to all ;
  This is related to oracle as well as some os related security problems. please clarify it.
  I tried but couldn't solve it All information's given here ..
  Testing from user 'A'
  +# useradd -m -g oinstall a+
  +# passwd a+
  Changing password for user a.
  New UNIX password:
  BAD PASSWORD: its WAY too short
  Retype new UNIX password:
  passwd: all authentication tokens updated successfully.
  su - a
  +[a@testorcl ~]$ export+
  ORACLE_HOME=/u01/app/oracle/product/10.2.0/db_1
  +$ export PATH=$PATH:$ORACLE_HOME/bin+
  +$ export ORACLE_SID=testdb+
  +$ sqlplus /nolog+
  SQL*Plus: Release 10.2.0.1.0 - Production on Thu Jan 3 01:33:49 2013
  Copyright (c) 1982, 2005, Oracle.  All rights reserved.
  Testing From user 'b' :
  +# useradd -m -g dba b+
  +# passwd b+
  Changing password for user b.
  New UNIX password:
  BAD PASSWORD: its WAY too short
  Retype new UNIX password:
  passwd: all authentication tokens updated successfully.
  su - b
  Password:
  +$ export ORACLE_HOME=/u01/app/oracle/product/10.2.0/db_1+
  +$ export PATH=$PATH:$ORACLE_HOME/bin+
  +$ export ORACLE_SID=testdb+
  +$ sqlplus /nolog+
  sqlplus: error while loading shared libraries: libsqlplus.so: cannot open shared object file: No such file or directory
  *>> From oracle user finding libsqlplus.so >>*
  *[oracle@testorcl ~]$*
  *$ find / -name libsqlplus\* -ls 2>/dev/null*
  +1378188 1296 -rw-r----- 1 oracle oinstall 1319436 Jun 22 2005 /u01/app/oracle/product/10.2.0/db_1/lib/libsqlplus.a+
  +1378193 1028 -rw-r----- 1 oracle oinstall 1047293 Jun 22 2005 /u01/app/oracle/product/10.2.0/db_1/lib/libsqlplus.so+
  SQLPLUS LOCATION with associated group
  +$ ls -l $ORACLE_HOME+
  drwxr-x--- 9 oracle oinstall 4096 Dec 24 03:28 sqlplus
  Please Note :
  USER 'a' belongs oinstall group.
  USER 'b' belongs dba group.
  My questions are :
  *1.why OS user can access database with oinstall group ?*
  *2.why OS user can't access database with dba group ?*
  Note: This is concept of oracle
  **To connect as sysdba using OS Authe*ntication ; UNIX OS user must be a part of OSDBA (dba) group.*
  Once the user is part of OSDBA group.
  but in dba group with os user 'b' , can't connect sqlplus , what's the real problem here ?
  version : 10gr2
  *$ uname -a*
  Linux testorcl 2.6.9-42.0.0.0.1.ELsmp #1 SMP Sun Oct 15 14:02:40 PDT 2006 i686 athlon i386 GNU/Linux
  Edited by: 952909 on Jan 4, 2013 1:03 PM

  Hi dude ;
  Thanks for your reply.
  So , You suggest me to change install directory permission from 750 to 775.
  $ cd install
  [oracle@testorcl install]$ ls -l
  total 240
  -rw-r-----  1 oracle oinstall      0 Jun  7  2005 createseed1.sh
  -rw-r-----  1 oracle oinstall      0 Jun  7  2005 createseed.sh
  -rw-r-----  1 oracle oinstall    977 Dec 24 03:29 envVars.properties
  drwxr-x---  2 oracle oinstall   4096 Dec 24 03:26 jlib
  -rw-r-----  1 oracle oinstall 194849 Dec 24 03:29 make.log
  -rwxr-xr-x  1 oracle oinstall      0 Dec 24 03:29 oratab
  -rw-r-----  1 oracle oinstall    132 Dec 24 04:01 portlist.ini
  -rw-r-----  1 oracle oinstall    221 Dec 24 04:02 readme.txt
  -rwxr-xr-x  1 oracle oinstall    824 Dec 24 03:28 rootdeletenode.sh
  -rw-r-----  1 oracle oinstall   9646 Dec 24 03:28 rootlocaladd
  -rw-r-----  1 oracle oinstall      0 Jun  7  2005 seed.log
  -rw-r-----  1 oracle oinstall   2800 Jun  7  2005 templocal
  drwxr-x---  2 oracle oinstall   4096 Dec 24 03:29 unix
  drwxr-x---  2 oracle oinstall   4096 Dec 24 03:28 utl
  *>> Permission changed as per your suggestion >>*
  *[oracle@testorcl db_1]$ chmod 775 install*
  *[oracle@testorcl db_1]$ ls -l*
  drwxrwxr-x   5 oracle oinstall   4096 Dec 24 04:02 install
  *>> Trying to find changePerm.sh >>*
  [oracle@testorcl db_1]$ cd install
  [oracle@testorcl install]$ ./changePerm.sh
  -bash: ./changePerm.sh: No such file or directory
  [oracle@testorcl install]$ cd
  [oracle@testorcl ~]$ whereis changePerm.sh
  changePerm:
  [oracle@testorcl ~]$
  In my testdb file not found ... Any suggestion  to find DUDE
  Please note :
  http://www.oracle-base.com/articles/10g/oracle-db-10gr2-installation-on-rhel-4.php
  Installation Doc did n't say anything to change permission related to install group +( from 750 to 775 )+
  Can you please clarify this ?
  Thanks Dude ..