Problemm with dba group vs oinstall group

thiyagusham · 01-03-2013, 03:32 PM

Hi to all ;

This is related to oracle as well as some os related security problems. please clarify it. I tried but couldn't solve it!
All information's given here ..

Testing from user 'A'

PHP Code:




# useradd -m -g oinstall a 

# passwd a

Changing password for user a.

New UNIX password:

BAD PASSWORD: it's WAY too short

Retype new UNIX password:

passwd: all authentication tokens updated successfully.

su - a

[a@testorcl ~]$ export 

ORACLE_HOME=/u01/app/oracle/product/10.2.0/db_1

$ export PATH=$PATH:$ORACLE_HOME/bin

$ export ORACLE_SID=testdb

$ sqlplus /nolog

SQL*Plus: Release 10.2.0.1.0 - Production on Thu Jan 3 01:33:49 2013
Copyright (c) 1982, 2005, Oracle.  All rights reserved.

Testing From user 'b' :

PHP Code:



# useradd -m -g dba b

# passwd b

Changing password for user b.

New UNIX password:

BAD PASSWORD: it's WAY too short

Retype new UNIX password:

passwd: all authentication tokens updated successfully.

su - b

Password:

$ export ORACLE_HOME=/u01/app/oracle/product/10.2.0/db_1

$ export PATH=$PATH:$ORACLE_HOME/bin

$ export ORACLE_SID=testdb

$ sqlplus /nolog

sqlplus: error while loading shared libraries: libsqlplus.so: cannot open shared object file: No such file or directory

[b@testorcl ~]$

$ find / -name libsqlplus\* -ls 2>/dev/null

PHP Code:



1378188 1296 -rw-r-----  1 oracle   oinstall  1319436 Jun 22  2005 /u01/app/oracle/product/10.2.0/db_1/lib/libsqlplus.a
1378193 1028  -rw-r----- 1 oracle   oinstall  1047293 Jun 22  2005  /u01/app/oracle/product/10.2.0/db_1/lib/libsqlplus.so

SQLPLUS LOCATION with associated group

PHP Code:



$ ls -l $ORACLE_HOME 
drwxr-x--- 9 oracle oinstall 4096 Dec 24 03:28 sqlplus

Please Note :

USER 'a' belongs oinstall group.
USER 'b' belongs dba group.

My questions are :

1.why OS user can access database with oinstall group ?
2.why OS user can't access database with dba group ?

Note: This is concept of oracle

To connect as sysdba using OS Authentication ; UNIX OS user must be a part of OSDBA (dba) group.
Once the user is part of OSDBA group.

Quote:

but in dba group with os user , can't connect sqlplus

Regards
Thiyagusham .G

Habitual · 01-03-2013, 04:59 PM

oinstall is for, well the INSTALLATION.
the dba designation is for the administration of the Oracle db, (after the install).

what are the $PATH differences between A and B ?

Code:

sqlplus: error while loading shared libraries: libsqlplus.so: cannot open shared object file: No such file or directory

probably is a path issue.

Check the documentation.

chrism01 · 01-03-2013, 05:36 PM

Actually, that would be the LD_LIBRARY_PATH https://kamranagayev.files.wordpress..._install22.jpg.
You're still going to have perm problems, as according to you (OP), only the oracle user or members of the oinstall group can run that code anyway....
Check the Oracle docs; you may need to add user b to multiple groups; oinstall and dba.

thiyagusham · 01-03-2013, 05:48 PM

Hi Chrosm01 , Habitual;

You are right. As Oracle user i don't have any problem. test DB works well.
I tried to set OS authentication for limited OS users ( sam=a , sona=b)
I was testing with user a and user b ..

Quote:

As per doc : If User belongs dba group , they can connect with sqlplus ..

I have knowledge about permission settings. What's the problem here
So that i am asking .Kindly help me resolve this.

thiyagusham · 01-03-2013, 06:12 PM

Hi to all ;

"No need to add user b to multiple groups; oinstall and dba."

This is the problem

Quote:

user 'a' can connect with sqlplus belongs 'oinstall group"
user 'b' can't with sqlplus belongs 'dba group"

Habitual · 01-03-2013, 06:31 PM

Everything I learned about installing and configuring Oracle came from http://www.puschitz.com/OracleOnLinux.shtml

It's all "there" and at OTN

thiyagusham · 01-05-2013, 03:24 PM

Hello to all;

I suspect permissions set incorrectly.

I tried to find file location but getting error.

PHP Code:



$ locate changePerm.sh 
warning: locate: could not open database: /var/lib/slocate/slocate.db: No such file or directory 
warning: You need to run the 'updatedb' command (as root) to create the database. 
Please have a look at /etc/updatedb.conf to enable the daily cron job.

Habitual · 01-05-2013, 05:15 PM

Code:

sudo updatedb

changePerm.sh ?
What does that have to do with oracle groups and sqlplus paths ?

thiyagusham · 01-05-2013, 05:29 PM

Hi Habitual;

Did u expect this ?

Quote:

$ cd sqlplus
[oracle@testorcl sqlplus]$ pwd
/u01/app/oracle/product/10.2.0/db_1/sqlplus

>> I tried to change permission regarding above mentioned error >>

Quote:

[oracle@testorcl install]$ ./changePerm.sh
-bash: ./changePerm.sh: No such file or directory
[oracle@testorcl install]$ cd
[oracle@testorcl ~]$ whereis changePerm.sh
changePerm:
[oracle@testorcl ~]$

but continuously getting error.

Habitual · 01-06-2013, 09:40 AM

Not really.

We have suggested group permissions and you are off trying to manipulate file permissions....

Since you can't stay on topic, or pursue the LD_LIBRARY_PATH path variable as Chris has suggested, I now exit the conversation.

Database Administrator Authentication
oinstall vs. dba UNIX Group
What is LD_LIBRARY_PATH env variable for?

Maybe Oracle is not suited for you?

thiyagusham · 01-06-2013, 09:45 AM

Hi habitual;

i did n't understand

Maybe Oracle is not suited for you?

Quote:

Did you mean i am not capable to work in oracle?

NevemTeve · 01-06-2013, 10:06 AM

To OP: Well, if you are unfamiliar with linux, you should call oraenv, as Oracle suggests.