Oracle7 Administrator's Reference for UNIX

Managing Special Accounts and Groups

The DBA should be familiar with special accounts required by the Oracle Server, and should make sure these accounts belong to the appropriate groups. The following section describes special user accounts.

Special Accounts

UNIX Accounts

oracle	The oracle software owner represents the account that owns the Oracle7 software. This maintenance account requires DBA privileges in order to CREATE, STARTUP, SHUTDOWN, and CONNECT as INTERNAL to the database. The oracle software owner is never the superuser.
root	The root user is a special UNIX account with maximum privileges (called superuser privileges). This account is used to configure the UNIX kernel, configure and install networking software, and create user accounts and groups.

Oracle Server Accounts

SYS	This is a standard Oracle7 account with DBA privileges automatically created during installation. The SYS account owns all the base tables for the data dictionary. This account is used by the DBA.
SYSTEM	This account is also a standard Oracle7 account, with DBA privileges automatically created during installation. Additional tables or views can be created by the SYSTEM user. DBAs may log in as SYSTEM to monitor or maintain databases.

See Also: Part IV, "Database Security", in the Oracle7 Server Administrator's Guide.

Special Groups

The following section describes special group accounts you can create:

oracle group To give a subset of UNIX users access to the Oracle7 system, add an oracle group of authorized users. The default group ID is oracle. The oracle software owner must be a member of the oracle group, if you create it.
dba group The oracle software owner is the only required member of the dba group. You can add the root user, or any other UNIX user, to the dba group. Members of this group have access to Server Manager specially privileged functions. If your account is not a member of the dba group, you must enter a password in order to connect as INTERNAL or gain access to the other administrative functions of Server Manager. The default group ID is dba.
oper group This is an optional UNIX group you can create. Members have database OPERATOR privileges. OPERATOR privileges are a restricted set of administrative privileges.
root group Only the root user should be a member of the root group.

oracle group	To give a subset of UNIX users access to the Oracle7 system, add an oracle group of authorized users. The default group ID is oracle. The oracle software owner must be a member of the oracle group, if you create it.
dba group	The oracle software owner is the only required member of the dba group. You can add the root user, or any other UNIX user, to the dba group. Members of this group have access to Server Manager specially privileged functions. If your account is not a member of the dba group, you must enter a password in order to connect as INTERNAL or gain access to the other administrative functions of Server Manager. The default group ID is dba.
oper group	This is an optional UNIX group you can create. Members have database OPERATOR privileges. OPERATOR privileges are a restricted set of administrative privileges.
root group	Only the root user should be a member of the root group.