Oracle9i Installation Guide phần 7 ppsx

Configuration Tasks to Perform as the root User

Post-Installation 4-3

$ORACLE_HOME/bin/ 755

rwxr-xr-x

The oracle user should have read, write

and execute privileges and all users should

have read and execute privileges to this

directory.

The oracle executable, and

the following executables:

$ORACLE_HOME/bin/dbsnmp

$ORACLE_

HOME/bin/oradism

6751

rws-r-s--x

The 6 sets the setuid bit and the setgid

bit so the executables run as the oracle

user and OSDBA group, regardless of who

executes them.

All other executables 755

rwxr-xr-x

The oracle user should have read, write

and execute privileges and all users should

have read and execute privileges to this

directory.

$ORACLE_HOME/lib/ 755

rwxr-xr-x

The oracle user should have read, write

and execute privileges and all other users

should have read and execute privileges to

this directory.

All files under

$ORACLE_HOME/lib/

644

rw-r--r--

The oracle user should have read, write

and execute privileges and the other users

should have read-only privileges to these

files.

$ORACLE_HOME/rdbms/log 751

rwxr-x--x

The oracle user and ORAINVENTORY

group have restricted access to files in the

directory. The other users have execute

privileges.

Product subdirectories such as

$ORACLE_HOME/sqlplus

or

$ORACLE_HOME/rdbms

751

rwxr-x--x

The oracle user and ORAINVENTORY

group have restricted access to log files.The

other users have execute privileges.

Files in

$ORACLE_HOME/sqlplus

or

$ORACLE_HOME/rdbms

644

rw-r--r--

The oracle user should have read and

write privileges and the other users should

have read-only privileges to these files.

Table 4–1 Access Permissions on Oracle Directories and Files (Cont.)

Directories/Files Permissions Comments

Configuration Tasks to Perform as the root User

4-4 Installation Guide

Changing Group Membership of the Apache User

After installing the Oracle9i database, the APACHE account access to the

oraInventory directory needs to be removed in order to ensure database security.

Perform the following tasks:

1. Create a new group to which no other group or user has access.

2. Assign ownership of this group to Apache.

3. Change the APACHE account primary Group Identifier (GID) from the one that

has ownership of the oraInventory directory (typically ORAINVENTORY) to

the new group name.

Automating Database Startup and Shutdown for HP, Linux and Solaris (Optional)

Oracle Corporation recommends that you configure your system to automatically

start Oracle databases when your system starts up, and to shut down Oracle

databases when your system shuts down. Automatic database startup and

shutdown protects against improper shutdown of the database.

The dbstart and dbshut scripts are located in the $ORACLE_HOME/bin directory

and can be used to automate database startup and shutdown. The dbstart and

dbshut scripts reference the same entries in the oratab file, so the scripts must

apply to the same set of databases. For example, you cannot have the dbstart

script automatically start up databases sid1, sid2, and sid3, and the dbshut

script shut down only databases sid1 and sid2. You can, however, specify that the

dbshut script shut down a set of databases while the dbstart script is not used at

$ORACLE_HOME/network

/trace

777

rwxrwxrwx

or

730

rwx-wx---

The oracle user and members of the

ORAINVENTORY group have access to

trace files when 730 is used in the

production environment. 777 allows broad

access to view and create trace files during

development.

All files under product admin

directories, like

$ORACLE_HOME/rdbms

/admin and

$ORACLE_HOME/sqlplus

/admin

644

-rw-r--r--

SQL scripts should typically be run as the

SYS user.

Table 4–1 Access Permissions on Oracle Directories and Files (Cont.)

Directories/Files Permissions Comments