19c grid 安装用户要求

建议命令：

groupadd -g 54321 oinstall
groupadd -g 54329 asmadmin
groupadd -g 54327 asmdba
groupadd -g 54328 asmoper

groupadd -g 54322 dba
groupadd -g 54323 oper
groupadd -g 54324 backupdba
groupadd -g 54325 dgdba
groupadd -g 54326 kmdba
groupadd -g 54330 racdba


/usr/sbin/useradd -u 54321 -g oinstall -G dba,oper,backupdba,dgdba,kmdba,asmdba,racdba oracle
/usr/sbin/useradd -u 54331 -g oinstall -G dba,asmdba,asmoper,asmadmin,racdba grid

组和用户要求：

OINSTALL 
数据库软件Inventory Group用户组。
grid
集群软件安装用户。
oracle
数据库软件安装用户。

可选择用户组：
OSDBA ，OSOPER, OSBACKUPDBA, OSDGDBA, OSRACDBA, and OSKMDBA 

检查用户设置：

$ id oracle
uid=54321(oracle) gid=54321(oinstall) groups=54321(oinstall),54322(dba), 
54323(oper),54324(backupdba),54325(dgdba),54326(kmdba),54327(asmdba),54330(racdba)
$ id grid
uid=54331(grid) gid=54321(oinstall) groups=54321(oinstall),54322(dba),
54327(asmdba),54328(asmoper),54329(asmadmin),54330(racdba)

组的的解释：

The OSDBA group (typically, dba)
You must create this group the first time you install Oracle Database software on the system. This group identifies operating system user accounts that have database administrative privileges (the SYSDBA privilege).
If you do not create separate OSDBA, OSOPER, and OSASM groups for the Oracle ASM instance, then operating system user accounts that have the SYSOPER and SYSASM privileges must be members of this group. The name used for this group in Oracle code examples is dba. If you do not designate a separate group as the OSASM group, then the OSDBA group you define is also by default the OSASM group.

############
The OSOPER group for Oracle Database (typically, oper)
OSOPER grants the OPERATOR privilege to start up and shut down the database (the SYSOPER privilege). By default, members of the OSDBA group have all privileges granted by the SYSOPER privilege.

############
The subset of OSDBA job role separation privileges and groups consist of the following:

############
OSBACKUPDBA group for Oracle Database (typically, backupdba)

Create this group if you want a separate group of operating system users to have a limited set of database backup and recovery related administrative privileges (the SYSBACKUP privilege).

############
OSDGDBA group for Oracle Data Guard (typically, dgdba)

Create this group if you want a separate group of operating system users to have a limited set of privileges to administer and monitor Oracle Data Guard (the SYSDG privilege). To use this privilege, add the Oracle Database installation owners as members of this group.

############
The OSKMDBA group for encryption key management (typically, kmdba)

Create this group if you want a separate group of operating system users to have a limited set of privileges for encryption key management such as Oracle Wallet 

Manager management (the SYSKM privilege). To use this privilege, add the Oracle Database installation owners as members of this group.

############
The OSRACDBA group for Oracle Real Application Clusters Administration (typically, racdba)

Create this group if you want a separate group of operating system users to have a limited set of Oracle Real Application Clusters (RAC) administrative privileges (the SYSRAC privilege). To use this privilege:

Add the Oracle Database installation owners as members of this group.

For Oracle Restart configurations, if you have a separate Oracle Grid Infrastructure installation owner user (grid), then you must also add the grid user as a member 

of the OSRACDBA group of the database to enable Oracle Grid Infrastructure components to connect to the database.

########
The OSASM group for Oracle ASM Administration (typically, asmadmin)

Create this group as a separate group to separate administration privileges groups for Oracle ASM and Oracle Database administrators. Members of this group are granted the SYSASM system privileges to administer Oracle ASM. In Oracle documentation, the operating system group whose members are granted privileges is called the OSASM group, and in code examples, where there is a group specifically created to grant this privilege, it is referred to as asmadmin.

########
The OSOPER group for Oracle ASM (typically, asmoper)

This is an optional group. Create this group if you want a separate group of operating system users to have a limited set of Oracle instance administrative privileges (the SYSOPER for ASM privilege), including starting up and stopping the Oracle ASM instance. By default, members of the OSASM group also have all privileges granted by the SYSOPER for ASM privilege.