I want get to know about the role of oper group that has always been created during installation of oracle10g on linux box. 3 groups are always created as a prequisite for oracle 10g installation on linux box. They are oper,dba and oinstall.
I was knowing the purpose of all these groups. For ex, dba group is used so that an os user can logged in as / as sysdba. oinstall is the owner for oracle inventory. And in my case, there is an os user named oracle which is the member of both these groups, oinstall as well as dba. A user which is the member of dba group can logged in as / as sysdba as well as / as sysoper, and that is what oracle user can does.
Now I wanted to understand the purpose of oper group then. It was clear to me that oper group is created so that an os user can logged in as / as sysoper to work as system operator and to perform day-to -day basic administrative tasks such as startup, shutdown, backup ,recovery,etc. And the user who can logged in as sysdba has more powerful privilege that sysoper. That means there must be a second os user who can perform the role of system operator by logging as / as sysoper and not as / as sysdba.
Then I started with creating a second user, besides oracle, who can acess oracle database to perform basic administrative operations. After various tries and errors , I succeded. It is how I did.
$useradd geet
$ chmod -R 777 /u01
$usermod -G oper geet
$ls -l /u01
total 20
drwxrwxrwx 8 oracle oinstall 4096 Mar 1 15:40 app
--------rest truncated-------------
ls -ld /u01
drwxrwxrwx 8 oracle oinstall 4096 Feb 10 10:16 /u01
ls -l /u01/app
total 24
drwxrwxrwx 8 oracle dba 4096 Mar 1 10:32 admin
drwxrwxrwx 6 oracle dba 4096 Mar 1 10:36 flash_recovery_area
drwxrwxrwx 2 oracle dba 4096 Mar 1 16:20 logminer_dir
drwxrwxrwx 6 oracle dba 4096 Mar 1 10:35 oradata
drwxrwxrwx 7 oracle dba 4096 Mar 1 10:21 oraInventory
drwxrwxrwx 3 oracle oinstall 4096 Feb 8 12:37 product
Check the permission for $ORACLE_HOME/bin/oracle. It should be
$ls -l oracle
-rwsrwsrwx 1 oracle dba 93362259 Mar 7 11:26 oracle
Here is two s.
$id geet
uid=503(geet) gid=506(geet) groups=506(geet),501(oper),503(oinstall)
$su - geet
[geet@new-host-15 ~]$ export ORACLE_HOME=/u01/app/product/10.2.0/db_1
[geet@new-host-15 ~]$ export ORACLE_SID=orcl
[geet@new-host-15 ~]$ cd $ORACLE_HOME
[geet@new-host-15 db_1]$ cd bin
[geet@new-host-15 bin]$ ./sqlplus / as sysoper
SQL*Plus: Release 10.2.0.1.0 - Production on Wed Mar 7 14:12:19 2012
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected.
If this fails:
$ ./sqlplus / as sysoper
SQL*Plus: Release 10.2.0.1.0 - Production on Tue Mar 6 14:17:26 2012
Copyright (c) 1982, 2005, Oracle. All rights reserved.
ERROR:
ORA-01031: insufficient privileges
Then check $ORACLE_HOME/rdbms/lib config.c which looks something like this:
/* SS_DBA_GRP defines the UNIX group ID for sqldba adminstrative access. */
/* Refer to the Installation and User's Guide for further information. */
#define SS_DBA_GRP "dba"
#define SS_OPER_GRP "oper"
char *ss_dba_grp[] = {SS_DBA_GRP, SS_OPER_GRP};
if second #define do not contain oper, but dba, then u have to modify this file as above. After modification you have to relink this executable. To relink I used:
$relink all
But after relinking, I am able to issue
conn / as sysoper
successfully.
but when issuing
SQL> conn scott/tiger
ERROR:
ORA-00600: internal error code, arguments: [17069], [0x30AD70A4], [], [], [],
[], [], []
ERROR:
ORA-00600: internal error code, arguments: [17069], [0x30AD70A4], [], [], [],
[], [], []
Error accessing package DBMS_APPLICATION_INFO
Connected.
This error is solved by running utlirp.sql script by logging as sysdba.
I was knowing the purpose of all these groups. For ex, dba group is used so that an os user can logged in as / as sysdba. oinstall is the owner for oracle inventory. And in my case, there is an os user named oracle which is the member of both these groups, oinstall as well as dba. A user which is the member of dba group can logged in as / as sysdba as well as / as sysoper, and that is what oracle user can does.
Now I wanted to understand the purpose of oper group then. It was clear to me that oper group is created so that an os user can logged in as / as sysoper to work as system operator and to perform day-to -day basic administrative tasks such as startup, shutdown, backup ,recovery,etc. And the user who can logged in as sysdba has more powerful privilege that sysoper. That means there must be a second os user who can perform the role of system operator by logging as / as sysoper and not as / as sysdba.
Then I started with creating a second user, besides oracle, who can acess oracle database to perform basic administrative operations. After various tries and errors , I succeded. It is how I did.
$useradd geet
$ chmod -R 777 /u01
$usermod -G oper geet
$ls -l /u01
total 20
drwxrwxrwx 8 oracle oinstall 4096 Mar 1 15:40 app
--------rest truncated-------------
ls -ld /u01
drwxrwxrwx 8 oracle oinstall 4096 Feb 10 10:16 /u01
ls -l /u01/app
total 24
drwxrwxrwx 8 oracle dba 4096 Mar 1 10:32 admin
drwxrwxrwx 6 oracle dba 4096 Mar 1 10:36 flash_recovery_area
drwxrwxrwx 2 oracle dba 4096 Mar 1 16:20 logminer_dir
drwxrwxrwx 6 oracle dba 4096 Mar 1 10:35 oradata
drwxrwxrwx 7 oracle dba 4096 Mar 1 10:21 oraInventory
drwxrwxrwx 3 oracle oinstall 4096 Feb 8 12:37 product
Check the permission for $ORACLE_HOME/bin/oracle. It should be
$ls -l oracle
-rwsrwsrwx 1 oracle dba 93362259 Mar 7 11:26 oracle
Here is two s.
$id geet
uid=503(geet) gid=506(geet) groups=506(geet),501(oper),503(oinstall)
$su - geet
[geet@new-host-15 ~]$ export ORACLE_HOME=/u01/app/product/10.2.0/db_1
[geet@new-host-15 ~]$ export ORACLE_SID=orcl
[geet@new-host-15 ~]$ cd $ORACLE_HOME
[geet@new-host-15 db_1]$ cd bin
[geet@new-host-15 bin]$ ./sqlplus / as sysoper
SQL*Plus: Release 10.2.0.1.0 - Production on Wed Mar 7 14:12:19 2012
Copyright (c) 1982, 2005, Oracle. All rights reserved.
Connected.
If this fails:
$ ./sqlplus / as sysoper
SQL*Plus: Release 10.2.0.1.0 - Production on Tue Mar 6 14:17:26 2012
Copyright (c) 1982, 2005, Oracle. All rights reserved.
ERROR:
ORA-01031: insufficient privileges
Then check $ORACLE_HOME/rdbms/lib config.c which looks something like this:
/* SS_DBA_GRP defines the UNIX group ID for sqldba adminstrative access. */
/* Refer to the Installation and User's Guide for further information. */
#define SS_DBA_GRP "dba"
#define SS_OPER_GRP "oper"
char *ss_dba_grp[] = {SS_DBA_GRP, SS_OPER_GRP};
if second #define do not contain oper, but dba, then u have to modify this file as above. After modification you have to relink this executable. To relink I used:
$relink all
But after relinking, I am able to issue
conn / as sysoper
successfully.
but when issuing
SQL> conn scott/tiger
ERROR:
ORA-00600: internal error code, arguments: [17069], [0x30AD70A4], [], [], [],
[], [], []
ERROR:
ORA-00600: internal error code, arguments: [17069], [0x30AD70A4], [], [], [],
[], [], []
Error accessing package DBMS_APPLICATION_INFO
Connected.
This error is solved by running utlirp.sql script by logging as sysdba.
