C Creating Operating System Groups and Users Requirements

The appendix explains what operating system groups and users you need to create and how to create them. In particular, this appendix covers the following:

What Operating System Groups and Users Are Required?

The following operating system group and user are required for all installation types:

  • The Oracle Inventory Group (oinstall)

    You must create this group the first time you install Oracle software on the system. The default name chosen for this group is oinstall. This group owns the Oracle inventory that is a catalog of all Oracle software installed on the system.

    Note:

    If Oracle software is already installed on the system, then the existing Oracle Inventory group must be the primary group of the operating system user that you use to install other Oracle software.
  • The Oracle Software Owner User (typically, oracle)

    You must create this user the first time you install Oracle software on the system. This user owns all of the software installed during the installation. This user must have the Oracle Inventory group as its primary group.

    Note:

    In Oracle documentation, this user is referred to as the oracle user.

A single Oracle Inventory group is required for all installations of Oracle software on the system. After the first installation of Oracle software, you must use the same Oracle Inventory group for all subsequent Oracle software installations on that system. However, you can choose to create different Oracle software owner users, OSDBA groups, and OSOPER groups (other than oracle, dba, and oper) for separate installations. By using different groups for different installations, members of these different groups have DBA privileges only on the associated databases rather than on all databases on the system.

How To Create the Operating System Groups and Users?

The following sections describe how to create the required operating system users and groups:

Note:

As an alternative to creating local users and groups, you can create the appropriate users and groups in a directory service, for example, Network Information Services (NIS). For information about using directory services, contact your system administrator or refer to your operating system documentation.

Creating the Oracle Inventory Group

You must create the Oracle Inventory group if it does not already exist. The following subsections describe how to determine the Oracle Inventory group name, if it exists, and how to create it if necessary.

Determining Whether the Oracle Inventory Group Exists

When you install Oracle software on the system for the first time, the oraInst.loc file is created. This file identifies the name of the Oracle Inventory group and the path to the Oracle Inventory directory.

To determine whether the Oracle Inventory group exists, enter the following command:

# more /etc/oraInst.loc

If the output of this command shows the oinstall group name, then the group already exists.

If the oraInst.loc file exists, then the output from this command looks like:

inventory_loc=/u01/app/oracle/oraInventory
inst_group=oinstall

The inst_group parameter shows the name of the Oracle Inventory group, oinstall.

Creating the Oracle Inventory Group

If the oraInst.loc file does not exist, then create the Oracle Inventory group using the following command:

# /usr/sbin/groupadd oinstall

Creating the OSDBA Group

You must create an OSDBA group in the following cases:

  • An OSDBA group does not exist, for example, if you do not have Oracle Database already installed on the system.

  • An OSDBA group exists, but you want to give a different group of operating system users database administrative privileges in a new Oracle installation.

If the OSDBA group does not exist or if you require a new OSDBA group, then create it as follows. In the following command, use the group name dba unless a group with that name already exists.

# /usr/sbin/groupadd dba

Creating an OSOPER Group (Optional)

Create an OSOPER group only if you want to identify a group of operating system users with a limited set of database administrative privileges (SYSOPER operator privileges). For most installations, it is sufficient to create only the OSDBA group. If you want to use an OSOPER group, then you must create it in the following circumstances:

  • If an OSOPER group does not exist, for example, if this is the first installation of Oracle Database software on the system

  • If an OSOPER group exists, but you want to give a different group of operating system users database operator privileges in a new Oracle installation

If you require a new OSOPER group, then create it as follows. In the following command, use the group name oper unless a group with that name already exists.

# /usr/sbin/groupadd oper

Creating the Oracle Software Owner User

You must create an Oracle software owner user in the following circumstances:

  • If an Oracle software owner user does not exist, for example, if this is the first installation of Oracle software on the system

  • If an Oracle software owner user exists, but you want to use a different operating system user, with different group membership, to give database administrative privileges to those groups in a new Oracle Database installation

Determining Whether an Oracle Software Owner User Exists

To determine whether an Oracle software owner user named oracle exists, run the following command:

# id oracle

If the oracle user exists, then the output from this command looks like this:

uid=440(oracle) gid=200(oinstall) groups=201(dba),202(oper)

If the user exists, then determine whether you want to use the existing user or create another oracle user.

Note:

If necessary, contact your system administrator before using or modifying an existing user.

Creating an Oracle Software Owner User

If the Oracle software owner user does not exist or if you require a new Oracle software owner user, then follow these steps to create one. In the following procedure, use the user name oracle unless a user with that name already exists.

  1. To create the oracle user, enter a command similar to the following:

    # /usr/sbin/useradd -g oinstall -G dba[,oper] oracle
    

    In this command:

    • The -g option specifies the primary group, which must be the Oracle Inventory group, for example oinstall

    • The -G option specifies the secondary groups, which must include the OSDBA group and if required, the OSOPER group. For example, dba or dba,oper

  2. Set the password of the oracle user:

    # passwd oracle
    

Note:

Oracle recommends you to use the same UIDs across all the OMSes, especially when you use shared file system loader and Oracle Software Library. If the UIDs are different, then the files created by one OMS cannot be modified by another OMS.

Modifying an Oracle Software Owner User

If the oracle user exists, but its primary group is not oinstall or it is not a member of the appropriate OSDBA or OSOPER groups, then enter a command similar to the following to modify it. Specify the primary group using the -g option and any required secondary group using the -G option:

# /usr/sbin/usermod -g oinstall -G dba[,oper] oracle

Verifying that the User nobody Exists

Before installing the software, follow these steps to verify that the nobody user exists on the system:

  1. To determine whether the user exists, enter the following command:

    # id nobody
    

    If this command displays information about the nobody user, then you do not have to create that user.

  2. If the nobody user does not exist, then enter the following command to create it:

    # /usr/sbin/useradd nobody