Oinstall
Jeanine Filbey
Some time ago, Oracle introduced multiple groups to install and manage a database (namely oinstall and dba), but I have never quite come to terms with why we need them both ?
If I create the oracle user belonging to both groups, but oinstall is the primary group, then when I install the software (binaries), all files belong to the oinstall group - which is fine. But, then when I create the database, all the database files are owned by the oiinstall group as well ? How does that segragate permissions ?
In my / directory of linux system I have created u01 folder. I changed the ownership of this u01 folder from root:root to oracle:oinstall (oracle user and oinstall group). Now when I am mounting /dev/sda4 to u01 using:
sudo mount /dev/sda4 /u01
I trying change owner of a directory. There was a mess before that about /etc/group file. There was a group named "500" and oinstall group id was 15001. I changed these configs manually via group file and I rebooted the system.
After that I check the directory for user and group and these like "oracle 500". There is no group named "500" in /etc/group I used "chown" command for change the group 500 to oinstall but system gave an error like this:
However, if you use Oracle Preinstallation RPM to provision your Linux operating system for an Oracle Grid Infrastructure or Oracle Database installation, then it configures an Oracle database installation owner (oracle), an Oracle Inventory group (oinstall), and an Oracle administrative privileges group (dba).
If you prefer to allocate operating system user privileges so that you can use one administrative user and one group for operating system authentication for all administrative privileges, then you can use the oracle user as the installation owner, and use one group as the primary group for any user requiring administrative privileges for Oracle ASM, and Oracle Database administration. This group must also be the Oracle Inventory group. To simplify using the defaults for Oracle tools the group name should be oinstall.
When you install Oracle software on the system for the first time, Oracle Universal Installer creates the oraInst.loc file. This file identifies the name of the Oracle Inventory group (typically, oinstall) and the path of the Oracle Inventory directory.
To create separate Oracle software owners and separate operating system privileges groups for different Oracle software installations, note that each of these users must have the Oracle central inventory group (oraInventory) as their primary group. Members of this group have write privileges to the Oracle central inventory (oraInventory) directory, and are also granted permissions for various Oracle Restart resources and directories in the Oracle Restart home to which DBAs need write access, and other necessary privileges. In Oracle documentation, this group is represented as oinstall in code examples. See "Creating the Oracle Inventory Group If an Oracle Inventory Does Not Exist".
If the oracle user exists, but its primary group is not oinstall, or it is not a member of the appropriate OSDBA, OSOPER, or OSDBA for ASM groups, then modify the user group settings for the user oracle.
You must create this group the first time you install Oracle software on the system. The default name chosen for this group is oinstall. This group owns the Oracle inventory that is a catalog of all Oracle software installed on the system.
If the oracle user exists, but its primary group is not oinstall or it is not a member of the appropriate OSDBA or OSOPER groups, then enter a command similar to the following to modify it. Specify the primary group using the -g option and any required secondary group using the -G option:
For example, given the user oracle and Oracle Inventory Group oinstall, and using the paths /u03/oradata/wrk_area for Oracle Database files, and /u01/oradata/rcv_area for the recovery area, these commands create the recommended subdirectories in each of the mount point directories and set the appropriate owner, group, and permissions on them:
I first used my current settings, which shows oinstall as primary group, and when I relink the oracle executable the group set with the oracle executable is oinstall. This is shown in lines 5-15. Next, I switch the primary group of the oracle user to test_group and execute linking again. Now the group of the oracle executable is test_group.
When you install Oracle software, you install it as the user oracle. This allows you to apply certain security and tuning settings to the software without having to change settings for other users on the system. In this section, the oracle userwill is created and the dba and oinstall groups which have special permissions on the software are installed.
# groupadd dba
# groupadd oinstall
# useradd -m -g oinstall -G dba oracle
The oracle user is now set up and belongs to both the oinstall group and the dba group. To set the password for the oracle user, invoke the passwd commandas root passing the username as an argument.
Viewed 1000+ timesYou Asked hi Tom,
why do we need the oinstall group while installing oracle database on linux?
what is the use of this group?
and Connor said...Its mainly for those organizations that have a separation of duties, where
- one group is responsible for installation/management of database software
- a different group is the dba's.
or it might even be one group owns "all" of the oracle software (database, EM, agents, weblogic, OID etc etc etc), and only a portion of that software should be accessible to dba's.
It's not uncommon for places to set 'dba' as the primary group and use that exclusively if it reflects the organization structure of a business (ie, "dba has to do everything")
We're not taking comments currently, so please try again later if you want to add a comment. Connor and Chris don't just spend all day on AskTOM. You can also catch regular content via Connor's blog and Chris's blog. Or if video is more your thing, check out Connor's latest video and Chris's latest video from their Youtube channels. And of course, keep up to date with AskTOM via the official twitter account. More to Explore Live SQLShare and learn SQL and PL/SQL; free access to the latest version of Oracle Database!
The executable known as oinstall.exe has raised concerns about its legitimacy and security due to some malware detection programs flagging it as potentially hazardous. It has been identified as a Trojan.Gen.2 or Trojan.Smoaler, PUA:Win32/AutoKMS, HackTool:Win32/AutoKMS by Defender, and other similar anti-malware or security software.
df19127ead