Oracle 11g R2 RAC Installation: Notes on Configuring Operating System Users and Groups

The creation of the operating system users and groups for an Oracle installation is explained in the official documentation. This note pulls that part out and explains it separately.

I. Explanation from the official documentation

From:

1.1 Required Operating System Users and Groups

To install the Oracle Grid Infrastructure for a cluster software and Oracle RAC, you must create the following operating system groups and users:

(1) The Oracle Inventory group (typically, oinstall) for all installations. The Oracle Inventory group must be the primary group for Oracle software installation owners. Members of the Oracle Inventory group have access to the Oracle Inventory directory. This directory is the central inventory record of all Oracle software installations on a server and the installation logs and trace files from each installation.

(2) An Oracle software owner. This is the user account you use when installing the software. If you want to use a single software owner for all installations, then typically the user name is oracle. If you plan to install the Oracle Grid Infrastructure for a cluster and the Oracle RAC software using separate software owners to separate Oracle Grid Infrastructure for a cluster administrative privileges from Oracle Database administrative privileges, then typically you would use grid for the Oracle Grid Infrastructure for a cluster software owner and oracle for the Oracle RAC software owner.

-- For a single-instance installation, creating one oracle user is enough. For a RAC installation, you need to create one more user to install Grid.

(3) The OSDBA group (typically, dba) for Oracle Database authentication. The OSDBA group is a system privileges group whose members are granted the SYSDBA privilege to administer Oracle Database and the SYSASM privilege to administer Oracle Clusterware and Oracle ASM. To provide fine-grained control of administrative privileges you can create multiple operating system groups as described in "Optional Operating System Users and Groups".

Note: If installing Oracle RAC on Microsoft Windows, then OUI automatically creates the ORA_DBA group for authenticating SYSDBA access. Also, if you install the Oracle RAC software while logged in to an account with administrative privileges, then you do not have to create a separate user for the installation.

If you use one installation owner for both Oracle Grid Infrastructure for a cluster and Oracle RAC, then when you want to perform administration tasks, you must change the value for the ORACLE_HOME environment variable to match the instance you want to administer (Oracle ASM, in the Grid home, or a database instance in the Oracle home).

-- If Grid and Oracle are installed by the same user, the value of the ORACLE_HOME variable must be changed.

To change the ORACLE_HOME environment variable, use a command syntax similar to the following example, where /u01/app/11.2.0/grid is the Oracle Grid Infrastructure for a cluster home:

    ORACLE_HOME=/u01/app/11.2.0/grid; export ORACLE_HOME

If you try to administer an instance using SQL*Plus, lsnrctl, or asmcmd commands while ORACLE_HOME is set to a different binary path, then you will encounter errors. The Oracle home path does not affect srvctl commands.

1.2 Separate Operating System Users and Groups for Oracle Software Installations

Instead of using a single operating system user as the owner of every Oracle software installation, you can use multiple users, each owning one or more Oracle software installations. A user created to own only the Oracle Grid Infrastructure for a cluster installation is called the grid user. This user owns both the Oracle Clusterware and Oracle Automatic Storage Management binaries. A user created to own either all Oracle software installations (including Oracle Grid Infrastructure for a cluster), or only Oracle Database software installations, is called the oracle user.

You can also use different users for each Oracle Database software installation. Additionally, you can specify a different OSDBA group for each Oracle Database software installation. By using different operating system groups for authenticating administrative access to each Oracle Database installation, users have SYSDBA privileges for the databases associated with their OSDBA group, rather than for all the databases on the system.

Members of the OSDBA group can also be granted the SYSASM system privilege, which gives them administrative access to Oracle ASM. As described in the next section, you can configure a separate operating system group for Oracle ASM authentication to separate users with SYSASM access to the Oracle ASM instances from users with SYSDBA access to the database instances.

If you want to create separate Oracle software owners so you can use separate users and operating system privilege groups for the different Oracle software installations, then note that each of these users must have the Oracle central inventory group (oinstall) as their primary group. Members of this group have the required privileges to the Oracle Inventory directory.

Note: The Oracle Grid Infrastructure for a cluster software installation can be owned by only one user. You cannot have one user that owns the Oracle Clusterware software installation and a different user that owns the Oracle ASM software installation.

1.3 Optional Operating System Users and Groups

You can create additional users and groups to divide administrative access privileges to the Oracle Grid Infrastructure for a cluster installation from other administrative users and groups associated with other Oracle installations. Separating administrative access is implemented by specifying membership in different operating system groups, and separating installation privileges is implemented by using different installation owners for each Oracle installation.

The optional users and groups you can create are:

(1) The Oracle Automatic Storage Management group, or OSASM group (typically asmadmin). Create this group as a separate group if you want to have separate administration privilege groups for Oracle ASM and Oracle Database administrators. Members of the OSASM group can use SQL to connect to an Oracle ASM instance as SYSASM using operating system authentication. The SYSASM privileges permit mounting and dismounting disk groups, and other storage administration tasks. SYSASM privileges do not provide access privileges to an Oracle Database instance. If you do not create a separate OSASM group, then the OSDBA group (dba) is the OSASM group.

(2) The ASM database administrator group (OSDBA for ASM group, typically asmdba). Members of the OSDBA group for Oracle ASM are granted read and write access to files managed by Oracle ASM. The Oracle Grid Infrastructure for a cluster installation owner and all Oracle Database software owners (for example, oracle) must be a member of this group, and all users with OSDBA membership for databases that require access to the files managed by Oracle ASM should be members of the OSDBA for ASM group.

(3) The OSOPER for Oracle Database group (typically, oper). Create this group if you want certain operating system users to have a limited set of database administrative privileges (the SYSOPER privilege). Members of the OSDBA group automatically have all privileges granted by the SYSOPER privilege.

(4) The OSOPER for Oracle ASM group (typically asmoper). Members of this group are granted access to a subset of the SYSASM privileges, such as starting and stopping the Oracle ASM instance.

1.4 Configuring Operating System Users and Groups

In this guide, a single software owner is used for all installations, named oracle. The oracle user belongs to the oinstall and dba operating system groups.

To create one software owner with all operating system-authenticated administration privileges:

(1) Determine the groups that exist on your server by listing the contents of the /etc/group file.

    cat /etc/group

(2) If this is the first time Oracle software has been installed on your server, and the Oracle Inventory group does not exist, then create the Oracle Inventory group (oinstall) with a group ID that is currently not in use on all the nodes in your cluster. Enter a command as the root user that is similar to the following:

    /usr/sbin/groupadd -g 1000 oinstall

(3) Create an OSDBA (dba) group with a group ID that is currently not in use on all the nodes in your cluster by entering a command as the root user that is similar to the following:

    /usr/sbin/groupadd -g 1001 dba

(4) If the user that owns the Oracle software (oracle) does not exist on your server, then you must create the user. Select a user ID (UID) that is currently not in use on all the nodes in your cluster. To determine which users have been created on your server, list the contents of the /etc/passwd file using the command:

    cat /etc/passwd

The following command shows how to create the oracle user and the user's home directory (/home/oracle) with the default group as oinstall and the secondary group as dba, using a UID of 1100:

    /usr/sbin/useradd -u 1100 -g oinstall -G dba -d /home/oracle -r oracle

(5) Set the password for the oracle account using the following command. Replace password with your own password.

    passwd oracle
    Changing password for user oracle.
    New UNIX password: password
    Retype new UNIX password: password
    passwd: all authentication tokens updated successfully.

(6) Repeat step 1 through step 5 on each node in your cluster.

(7) Verify that the attributes of the user oracle are identical on each node of your cluster:

    id oracle

The command output should be similar to the following:

    uid=1100(oracle) gid=1000(oinstall) groups=1000(oinstall),1001(dba)

II. Additional explanation

From:

The figure above is an explanation of the user groups based on Oracle 11gR2.

2.1 Groups to create when installing a single instance

(1) Oracle Inventory group (typically oinstall)

Members of the oinstall group are regarded as the "owners" of the Oracle software and have write permission to the Oracle central inventory (oraInventory). When Oracle software is installed on a Linux system for the first time, OUI creates the /etc/oraInst.loc file. This file specifies the name of the Oracle Inventory group (oinstall by default) and the path of the Oracle central inventory directory. As root:

    cat /etc/oraInst.loc
    inventory_loc=/u01/app/oraInventory
    inst_group=oinstall

In-depth understanding of OUI (Oracle Universal Installer)

If no oraInventory group exists, by default the installer lists the primary group of the Grid Infrastructure for a cluster installation owner as the oraInventory group. Make sure that all planned Oracle software installation owners use this group as their primary group.

(2) Database administrator group (OSDBA, typically dba)

Members of the OSDBA group can use SQL to connect to an Oracle instance as SYSDBA through operating system authentication. Members of this group can perform critical database administration tasks, such as creating the database and starting up and shutting down the instance. The default name of this group is dba. The SYSDBA system privilege allows access to a database instance even when the database is not open. Control of this privilege is completely outside the scope of the database itself. Do not confuse the SYSDBA system privilege with the database role DBA. The DBA role does not include the SYSDBA or SYSOPER system privileges.

(3) Database operator group (OSOPER, typically oper)

Members of the OSOPER group can use SQL to connect to an Oracle instance as SYSOPER through operating system authentication. Members of this optional group have a limited set of database administrative privileges, such as managing and running backups. The default name of this group is oper. The SYSOPER system privilege allows access to a database instance even when the database is not open. Control of this privilege is completely outside the scope of the database itself. To use this group, choose the Advanced installation type when installing the Oracle Database software.

2.2 Groups added on top of the single-instance groups when installing a RAC cluster

(1) Oracle Automatic Storage Management group (typically asmadmin)

This group is required. Create it as a separate group if you want the Oracle ASM administrators and the Oracle Database administrators to belong to different administrative privilege groups. In the Oracle documentation, the OSASM group is the operating system group whose members are granted the privilege; in the code examples, a group is created specifically to grant this privilege, and it is named asmadmin.

Members of the OSASM group can use SQL to connect to an Oracle ASM instance as SYSASM through operating system authentication. The SYSASM privilege was introduced in Oracle ASM 11g Release 1 (11.1), and in Oracle ASM 11g Release 2 (11.2) it is now completely separated from the SYSDBA privilege. The SYSASM privilege no longer provides access to an RDBMS instance. Using the SYSASM privilege instead of the SYSDBA privilege to provide system privileges for the storage tier gives a clear division of responsibility between ASM administration and database administration, and helps prevent different databases that use the same storage from accidentally overwriting each other's files. The SYSASM privilege permits mounting and dismounting disk groups and other storage administration tasks.

(2) ASM database administrator group (OSDBA for ASM, typically asmdba)

Members of the ASM database administrator group (OSDBA for ASM) are granted a subset of the SYSASM privileges and have read and write access to the files managed by Oracle ASM. The Grid Infrastructure installation owner (grid) and all Oracle Database software owners (oracle) must be members of this group, and all users who have access to the files managed by Oracle ASM and have OSDBA membership for a database must be members of the OSDBA for ASM group.

(3) ASM operator group (OSOPER for ASM, typically asmoper)

This group is optional. Create it if you need a separate set of operating system users with limited Oracle ASM instance administration privileges (the SYSOPER for ASM privilege, which includes starting and stopping the Oracle ASM instance). By default, members of the OSASM group have all the privileges granted by the SYSOPER for ASM privilege.

To use the ASM operator group to create an ASM administrator group that has fewer privileges than the default asmadmin group, you must choose the Advanced installation type when installing the Grid Infrastructure software. In that case, OUI prompts you to specify the name of this group. If you want to have an OSOPER for ASM group, the Grid Infrastructure for a cluster software owner (grid) must be a member of it.

2.3 Creating the groups and user for Grid Infrastructure

(1) On both Oracle RAC nodes, create the recommended operating system groups and user for Grid Infrastructure. As root:

    groupadd -g 1000 oinstall
    groupadd -g 1200 asmadmin
    groupadd -g 1201 asmdba
    groupadd -g 1202 asmoper
    useradd -m -u 1100 -g oinstall -G asmadmin,asmdba,asmoper -d /home/grid -s /bin/bash -c "Grid Infrastructure Owner" grid

    id grid
    uid=1100(grid) gid=1000(oinstall) groups=1000(oinstall),1200(asmadmin),1201(asmdba),1202(asmoper)

(2) Set the password for the grid account. As root:

    passwd grid
    Changing password for user grid.
    New UNIX password: xxxxxxxxxxx
    Retype new UNIX password: xxxxxxxxxxx
    passwd: all authentication tokens updated successfully.

2.4 Creating the groups and user for the Oracle Database software

(1) On both Oracle RAC nodes, create the recommended operating system groups and user for the Oracle Database software. As root:

    groupadd -g 1300 dba
    groupadd -g 1301 oper
    useradd -m -u 1101 -g oinstall -G dba,oper,asmdba -d /home/oracle -s /bin/bash -c "Oracle Software Owner" oracle

    id oracle
    uid=1101(oracle) gid=1000(oinstall) groups=1000(oinstall),1201(asmdba),1300(dba),1301(oper)

(2) Set the password for the oracle account. As root:

    passwd oracle
    Changing password for user oracle.
    New UNIX password: xxxxxxxxxxx
    Retype new UNIX password: xxxxxxxxxxx
    passwd: all authentication tokens updated successfully.

2.5 Verifying that the user nobody exists

Before installing the software, perform the following procedure to verify that the user nobody exists on both Oracle RAC nodes.

To determine whether the user exists, enter the following:

    id nobody
    uid=99(nobody) gid=99(nobody) groups=99(nobody)

If this command displays information about the nobody user, you do not need to create the user. If the user nobody does not exist, enter the following command to create it:

    /usr/sbin/useradd nobody

Repeat this procedure on all the other Oracle RAC nodes in the cluster.

2.6 Final configuration on the two Oracle RAC nodes

(1) Oracle central inventory group,
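Added example, not part of the original document: a POSIX shell check for step (7) of section 1.4 and for the grid/oracle role separation created in sections 2.3 and 2.4. It parses `id` output captured from each node and reports a wrong primary group, missing or unexpected group memberships, and differences between nodes. The sample lines, the function names and the forbidden-group lists are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit captured `id` output for the grid and oracle owners.
# Constructed samples (not from a real cluster); node 2's grid user has drifted.
NODE1_GRID='uid=1100(grid) gid=1000(oinstall) groups=1000(oinstall),1200(asmadmin),1201(asmdba),1202(asmoper)'
NODE2_GRID='uid=1100(grid) gid=1000(oinstall) groups=1000(oinstall),1200(asmadmin),1201(asmdba),1202(asmoper),1300(dba)'
NODE1_ORACLE='uid=1101(oracle) gid=1000(oinstall) groups=1000(oinstall),1201(asmdba),1300(dba),1301(oper)'
NODE2_ORACLE='uid=1101(oracle) gid=1000(oinstall) groups=1000(oinstall),1201(asmdba),1300(dba),1301(oper)'

# Primary group name from one line of `id` output.
primary_group() {
    printf '%s\n' "$1" | sed -n 's/^uid=[^ ]* gid=[0-9]*(\([^)]*\)).*/\1/p'
}

# Sorted "gid(name)" entries from the groups= field, one per line.
group_entries() {
    printf '%s\n' "$1" | sed -n 's/.*groups=\([^ ]*\).*/\1/p' | tr ',' '\n' | sort
}

# in_group "<id line>" <group name>: exact name match, so dba != asmdba.
in_group() {
    group_entries "$1" | grep -q "^[0-9]*($2)\$"
}

# check_owner "<id line>" "<required groups>" "<forbidden groups>"
# Prints one finding per problem; returns 0 only when there are none.
# The forbidden lists are this example's policy assumption.
check_owner() {
    rc=0
    if [ "$(primary_group "$1")" != oinstall ]; then
        echo "primary group is not oinstall"; rc=1
    fi
    for g in $2; do
        if ! in_group "$1" "$g"; then echo "missing group $g"; rc=1; fi
    done
    for g in $3; do
        if in_group "$1" "$g"; then echo "unexpected group $g"; rc=1; fi
    done
    return $rc
}

# True when uid, gid and the full group set match on two nodes.
same_on_nodes() {
    [ "${1%% groups=*}" = "${2%% groups=*}" ] &&
        [ "$(group_entries "$1")" = "$(group_entries "$2")" ]
}

check_owner "$NODE2_GRID" "asmadmin asmdba asmoper" "dba oper" || true
check_owner "$NODE1_ORACLE" "dba oper asmdba" "asmadmin asmoper" || true
same_on_nodes "$NODE1_GRID" "$NODE2_GRID" || echo "grid differs between nodes"
```

On a real cluster, replace the sample variables with the output of `id grid` and `id oracle` collected from every node.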
