I have a new server running OEL6 that I plan to install EM 12C and a database using ASM.
My install user is 'oracle'. Documentation states that 'oracle' should have the primary group of 'oinstall' and a secondary group of 'dba'.
Awhile back (before things were Grid Infrastructure) we had some problems with an install and an Oracle support person told me to get rid of 'oinstall', and soley rely on 'dba'. She talked about the numerous support calls serviced by introducing both groups.
I took her advice, and most of our things are still running with 'oracle' and 'dba'.
But, we are embarking into a new world, and perhaps the 'oinstall' and 'dba' issues have been worked out, and there is a benefit to having multiple groups. We are a pretty small shop and don't have different groups doing things; we are mostly a few of us required to do it all. In that sense, less is more--more easier to support.
Are there recommendations for the 'oinstall' and 'dba' groups? Pitfalls encountered?
Have a look at the following MOS note:
UNIX: Do I Need To Use The "oinstall" Group? (Doc ID 463052.1)
One thing to keep in mind is the Cloud Control Agent needs to access files in Oracle Inventory and files in Oracle home/base of certain types of target; e.g., the agent needs to read the alert log file of a monitored database target. Thus, the agent software owner needs to be in the same OS group with the owner of the Oracle Inventory and the software owner(s) of the targets it monitors.
Most of the documentation that I've read, including the note you mention, says that going forward from 11.2, oinstall should always be used. I think it's a blanket statement intended to cover all bases, and I can understand that architecture in a large group, where one group might be responsible for an install, another group for managing a database, and perhaps someone else managing storage. I'm trying to undersand how oinstall vx dba groups are used, and why oinstall is so important.
In our group, there are just a few of us, and we do it all.
We have 5 clusters wiht 28 managed databases at 11.1. All of those were installed with the primary group of dba, and a secondary ground of oinstall. They've been working fine for a few years.
We are now installing EM12C grid on a new machine, starting with grid infrastructure to get ASM installed, so that our repository database can use it.
So, on this Linux box we will have ASM, database, agent and OMS. It's a standalone box, and our primary group is oinstall.
I have been having trouble getting the first step of this completed, installing GI to get ASM up and running. But, that's not part of this question.
Once I get this all configured and running, I will have to install the new agent on all of our targets. Over on those old boxes, he'll still be installed as 'dba', which can read all of the targets. So I think I'm okiay. It's just that I'm stuck with one foot in each door. But having 2 groups for the 'oracle' user will make it okay.
Using group oinstall (in addition to group dba) is basically a best practice that facilitates segregation of duties. If segregation of duties is unnecessary in your case, then you don't really need to use group oinstall in addition to group dba.