If you work in a company with a system administrator (SA), then steps 1 and 2 are usually performed by the SA. If you don’t have a SA, then you have to perform these steps yourself (this is often the case in small companies, where you may be required to perform many different job functions). Even if you have root access, you should not install Oracle as root. The grid software should be installed and owned by the grid user and the database software as oracle. You will need root to create the users oracle and grid and to create the groups as needed.
In the old days, a typical Oracle installation would contain one OS group (dba) and one OS user (oracle). You can still install the Oracle software using this minimalistic approach. If there is just one DBA in your company and you don’t need a more granular division of privileges among team members, then this method works well, with one user and one group.
However, there are multiple OS groups that Oracle recommends you create, and you can add different OS users and assign them to groups on an as-needed basis depending on their job function. When an OS user is assigned to a group, that assignment provides the user with specific database privileges. Table 1-1 shows the OS groups and how each group maps to corresponding database privileges. For example, if you have a user who is responsible only for monitoring a database and that only needs privileges to start up and shut down the database, then that user would be assigned the oper group (which ensures that subsequent connections to the database can be done with sysoper privileges).
Table1-1.MappingofOS Groups to Privileges
Table 1-1 contains recommended group names. You don’t have to use the exact names of the groups listed, and you can adjust per your requirements. You might have a group of development DBAs, so you can have dbadev group for the Oracle binaries in the development databases. Each group would have permissions to manipulate only its set of binaries.
Once you decide which groups you need, then you need access to the root user to run the groupadd command or request the users be added to the created groups depending on your user security policies. As root, add the OS groups that you need as in the following examples:
$ groupadd oinstall
$ groupadd dba
$ groupadd oper
If you don’t have access to the root account, then you need to get your SA to run the commands, but you can verify that each group was added successfully by inspecting the contents of the /etc/group file. Here are typical entries created in the /etc/group file:
$ cat /etc/group oinstall:x:500: dba:x:501: oper:x:502:
Now, create the oracle OS user. The following example explicitly sets the group ID to 500, establishes the primary group as oinstall, and assigns the dba groups to the newly created oracle user:
$ useradd -u 500 -g oinstall -G dba,oper oracle
Note: Depending on your OEL release, OEL 9 will have higher UIDs in the 1000 to 60000 range.
You can verify the user account information by viewing the /etc/passwd file:
$ cat /etc/passwd oracle:x:500:500::/home/oracle/:/bin/bash