Very Computer

Hello,
Oracle recommands to have oinstall as primary group for oracle account.
Why not using dba as primary group ?
What are the benefit to use oinstall instead of dba ?

Thank you for your advices.

Marcel

The primary benefit is that it is what Oracle recommends and it works.

If it ain't broke ... don't fix it.

Daniel Morgan

Hi,
  Basically, think of oinstall as the owner of the Oracle files (i.e.
everything under $ORACLE_HOME) and probably the oraInventory as well.

  The dba group contains all the unix users who can connect to the database
as "/ as sysdba" - so you can think of the dba group as the Oracle database
administrators list.

HTH
Marc

Quote:> Hello,
> Oracle recommands to have oinstall as primary group for oracle account.
> Why not using dba as primary group ?
> What are the benefit to use oinstall instead of dba ?

> Thank you for your advices.

> Marcel

The oracle user is in the oinstall group, and
the other users with dba privileges are not,
they are in the dba group. The oracle (oinstall)
user is the owner of all the oracle files.

In many companies, the sys admin will install
the software (as oracle in the oinstall group)
and the DBAs (in the dba group) use it.

It also means that the DBAs cannot accidentally
remove oracle files.

One way of undoing this "separation of powers" is
for oracle to also be in the dba group and to be
used by DBAs.

John.

Thank you with all of you for your answers

So if we decide to separate the installation and DBA roles, the config
files in $ORACLE_HOME/network/admin, for example, are only accessible
in write by oraowner.

But the management of this files are generaly the responsability of
the DBA's and not of the sys admin.

What do you mean ?

-rw-r--r--   1 oraowner oinstall        17253 Jan 31 09:23
tnsnames.ora

Marcel

Yes. There are anomalies. There will always be anomalies.
Maybe tnsnames.ora should be owned by the network admin
rather than the sys admin or the DBA. Who knows?
How often will you change tnsnames.ora?

Even the notion of good practice varies with time, as
well as with situation. (It is similar with OFA.)

Maybe your DBA wants a bigger SGA. Or more frequent
backups. All these things have to be decided in conjunction
with the sys admin. And possibly management, external
customers, developers, end users and so on.

In practice, many sites just have everyone in the dba group.

If you read the Installation Guide (and Getting Started),
the issues are explained. Then you can make an informed
decision as to what is best for *your* situation.

(You might also want to look at Johnathan Lewis's thoughts
on the OSOPER role: http://www.jlcomp.demon.co.uk/osoper.html )

John.