This discussion is archived
2 Replies Latest reply: Sep 8, 2010 6:33 AM by François Lange RSS

Security issue with the SGA and multiple installation group.

404223 Newbie
Currently Being Moderated
Hi,

Documentation ARE WRONG:

http://download.oracle.com/docs/cd/E11882_01/rac.112/e10743/preparing.htm#TDPRC131
# useradd -u 1100 –g oinstall -G dba -d /home/oracle -r oracle

http://download.oracle.com/docs/cd/E11882_01/install.112/e10816/typinstl.htm#CWSOL156
# useradd -u 1100 -g oinstall -G dba oracle

The "-g" and "-G" must be exchange!

In an advanced installation with multiple Oracle users call them ( ora1, ..., orai, ..., oran )
with multiple OSdba group defined users call them ( dba1, ..., dbai, ..., dban)
Associate each oracle user to a dba group with the same number and the install group as oracle told it.
User ora1 group dba1
...
User orai group dbai
...
User oran group dban

Now make the software installationS with the group OSinstall ( install) as written in the documentation, in 3 Oracle_home

Call the oracle_home1, oracle_home2, oracle_home3


Now check semaphores, Sharedmemory and files!


ipcs -msa
IPC status from <running system> as of Thu Apr 29 12:14:06 CEST 2010
T ID KEY MODE OWNER GROUP CREATOR CGROUP NATTCH SEGSZ CPID LPID ATIME DTIME CTIME
Shared Memory:
m 16777246 0x6525858 rw-rw-- oracle2 install oracle2 install 36 5368725504 3479 4298 12:10:01 12:10:31 16:30:45
T ID KEY MODE OWNER GROUP CREATOR CGROUP NSEMS OTIME CTIME
Semaphores:
s 50331701 0xb7892c1a ra-ra-- oracle2 install oracle2 install 202 16:30:47 16:30:45
s 50331700 0xb7892c19 ra-ra-- oracle2 install oracle2 install 202 no-entry 16:30:45
s 50331699 0xb7892c18 ra-ra-- oracle2 install oracle2 install 202 12:13:48 16:30:45

ls -l $OSD/oradata/*/*/* | sed s/oracle/oracle2/
-rw-r----- 1 oracle2 install 11600384 Apr 14 18:30 /app1/oracle/admin/ora11g/oradata/ORA11G/changetracking/o1_mf_5wcsdcfh_.chg
-rw-r----- 1 oracle2 install 11600384 Apr 15 15:08 /app1/oracle/admin/ora11g/oradata/ORA11G/changetracking/o1_mf_5wf7787k_.chg
-rw-r----- 1 oracle2 install 11600384 Apr 29 13:05 /app1/oracle/admin/ora11g/oradata/ORA11G/changetracking/o1_mf_5wg8jggf_.chg
-rw-r----- 1 oracle2 install 16695296 Apr 29 13:05 /app1/oracle/admin/ora11g/oradata/ORA11G/controlfile/o1_mf_5wg4j9go_.ctl
-rw-r----- 1 oracle2 install 524296192 Apr 29 03:05 /app1/oracle/admin/ora11g/oradata/ORA11G/datafile/o1_mf_aud__dol_5wg4mntr_.dbf
-rw-r----- 1 oracle2 install 104865792 Apr 29 03:05 /app1/oracle/admin/ora11g/oradata/ORA11G/datafile/o1_mf_aud__dol_5wg4mp3v_.dbf
-rw-r----- 1 oracle2 install 209723392 Apr 29 03:05 /app1/oracle/admin/ora11g/oradata/ORA11G/datafile/o1_mf_example_5wg4ml5z_.dbf
-rw-r----- 1 oracle2 install 419438592 Apr 29 13:05 /app1/oracle/admin/ora11g/oradata/ORA11G/datafile/o1_mf_stat_dba_5wg4mmhg_.dbf
-rw-r----- 1 oracle2 install 2097160192 Apr 29 13:05 /app1/oracle/admin/ora11g/oradata/ORA11G/datafile/o1_mf_sys_undo_5wg4kf8n_.dbf
-rw-r----- 1 oracle2 install 2097160192 Apr 29 03:05 /app1/oracle/admin/ora11g/oradata/ORA11G/datafile/o1_mf_sys_undo_5wg4lss2_.dbf
-rw-r----- 1 oracle2 install 1363156992 Apr 29 13:05 /app1/oracle/admin/ora11g/oradata/ORA11G/datafile/o1_mf_sysaux_5wg4k1xf_.dbf
-rw-r----- 1 oracle2 install 1048584192 Apr 29 13:05 /app1/oracle/admin/ora11g/oradata/ORA11G/datafile/o1_mf_system_5wg4jp26_.dbf
-rw-r----- 1 oracle2 install 209723392 Apr 28 22:01 /app1/oracle/admin/ora11g/oradata/ORA11G/datafile/o1_mf_temp0_5wg4l302_.tmp
-rw-r----- 1 oracle2 install 209723392 Apr 15 16:06 /app1/oracle/admin/ora11g/oradata/ORA11G/datafile/o1_mf_temp1_5wg4lsod_.tmp
-rw-r----- 1 oracle2 install 104865792 Apr 29 03:05 /app1/oracle/admin/ora11g/oradata/ORA11G/datafile/o1_mf_users_5wg4l33f_.dbf
-rw-r----- 1 oracle2 install 104858112 Apr 29 13:05 /app1/oracle/admin/ora11g/oradata/ORA11G/onlinelog/o1_mf_1_5wg4jb44_.log
-rw-r----- 1 oracle2 install 104858112 Apr 28 21:00 /app1/oracle/admin/ora11g/oradata/ORA11G/onlinelog/o1_mf_2_5wg4jdn6_.log
-rw-r----- 1 oracle2 install 104858112 Apr 28 22:00 /app1/oracle/admin/ora11g/oradata/ORA11G/onlinelog/o1_mf_3_5wg4jgw8_.log
-rw-r----- 1 oracle2 install 104858112 Apr 29 03:00 /app1/oracle/admin/ora11g/oradata/ORA11G/onlinelog/o1_mf_4_5wg4jk64_.log
-rw-r----- 1 oracle2 install 104858112 Apr 29 13:01 /app1/oracle/admin/ora11g/oradata/ORA11G/onlinelog/o1_mf_5_5wg4jmcd_.log


ls -l $OH/bin/oracle | sed s/oracle/oracle2/
-rwsr-s--x 1 oracle2 install 256263032 Apr 14 13:54 /app1/oracle/product/11.2.0_64/db_1/bin/oracle*


That the evidence the documentation provide you a wrong way to do it!

François LANGE