ASM operating system user group types and responsibilities
OSASM group
This group is granted the SYSASM privilege, which provides full administrative privileges for the Oracle ASM instance. For example, the group could be asmadmin.
OSDBA for Oracle ASM group
This group is granted the SYSDBA privilege on the Oracle ASM instance, which grants access to data stored on Oracle ASM. This group has a subset of the privileges of the OSASM group.
When you implement separate administrator privileges, choose an OSDBA group for the Oracle ASM instance that is different than the group that you select for the database instance, such as dba. For example, the group could be asmdba.
OSOPER for Oracle ASM group
This group is granted the SYSOPER privilege on the Oracle ASM instance, which provides operations such as startup, shutdown, mount, dismount, and check disk group. This group has a subset of the privileges of the OSASM group. For example, the group could be asmoper.
chgrp: change the user group attribute of a file
Changes the user group of a file or list of files.
chgrp usergroup file [file ...]
The options for the chgrp command are described below.
usergroup - Name of the user group.
file - Name of a file.
ASMCMD> chgrp asmdata +OHSDBA/ohs-cluster/ASMPARAMETERFILE/REGISTRY.253.911689503
ASMCMD>
ASMCMD> ls --permission +OHSDBA/ohs-cluster/ASMPARAMETERFILE/REGISTRY.253.911689503
User  Group    Permission  Name
      asmdata  rw-rw-rw-   REGISTRY.253.911689503
ASMCMD>
chmod: change the permissions of a file
Changes permissions of a file or list of files.
chmod mode file [file ...]
mode can be one of the following forms:
{ ugo | ug | uo | go | u | g | o | a } {+|- } {r|w |rw}
a specifies permissions for all users, u specifies permissions for
the owner of the file, g specifies the group permissions, and
o specifies permissions for other users.
{ 0|4|6} {0|4|6} {0|4|6}
The first digit specifies owner permissions, the second digit
specifies group permissions, and the third digit specifies other
permissions.
The options for the chmod command are described below.
6 - Read write permissions
4 - Read only permissions
0 - No permissions
u - Owner permissions, used with r or w
g - Group permissions, used with r or w
o - Other user permissions, used with r or w
a - All user permissions, used with r or w
+ - Add a permission, used with r or w
- - Removes a permission, used with r or w
r - Read permission
w - Write permission
file - Name of a file
ASMCMD> ls --permission
User  Group  Permission  Name
                         ASM/
                         ohs/
                         ohs-cluster/
                         undotbs02.dbf => +OHSDBA/ASM/DATAFILE/undotbs02.dbf.256.911862393
ASMCMD> chmod 660 undotbs02.dbf
ASMCMD> ls --permission +OHSDBA/ASM/DATAFILE/undotbs02.dbf.256.911862393
User    Group    Permission  Name
oracle  asmdata  rw-rw----   undotbs02.dbf.256.911862393
ASMCMD>
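The mode grammar above as a small validator, added here as an illustration and not taken from Oracle's documentation or tools; the function name apply_asm_chmod is hypothetical. It accepts only the numeric digits and symbolic forms listed above and returns the resulting permission string, so a mode can be checked before it is typed at the ASMCMD prompt.

```python
import re

# Numeric digits ASMCMD chmod accepts per the syntax above: 0, 4 and 6 only.
DIGIT_TO_BITS = {"0": "---", "4": "r--", "6": "rw-"}
# The "who" forms listed in the syntax line above.
WHO_FORMS = {"ugo", "ug", "uo", "go", "u", "g", "o", "a"}
SYMBOLIC = re.compile(r"^([ugoa]+)([+-])(rw|r|w)$")
# Offset of each class inside a 9-character string such as "rw-rw----".
CLASS_OFFSET = {"u": 0, "g": 3, "o": 6}


def apply_asm_chmod(mode, current="---------"):
    """Return the permission string after applying `mode` to `current`.

    Hypothetical helper: models the documented syntax only, it does not
    talk to an ASM instance.
    """
    if not re.fullmatch(r"(?:[r-][w-]-){3}", current):
        raise ValueError(f"not an ASM permission string: {current!r}")
    # Numeric form: three digits, each replaces one class outright.
    if re.fullmatch(r"[046]{3}", mode):
        return "".join(DIGIT_TO_BITS[d] for d in mode)
    # Symbolic form: who, then + or -, then r, w or rw.
    m = SYMBOLIC.match(mode)
    if not m or m.group(1) not in WHO_FORMS:
        raise ValueError(f"not a valid ASMCMD chmod mode: {mode!r}")
    who, op, perms = m.groups()
    classes = "ugo" if who == "a" else who
    bits = list(current)
    for cls in classes:
        for p in perms:
            idx = CLASS_OFFSET[cls] + "rw".index(p)
            bits[idx] = p if op == "+" else "-"
    return "".join(bits)


if __name__ == "__main__":
    print(apply_asm_chmod("660"))                # numeric form
    print(apply_asm_chmod("o-rw", "rw-rw-rw-"))  # strip access for others
```
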
chown: change the owner of a file
Changes the owner of a file or list of files.
chown user[:usergroup ] file [file ...]
The options for the chown command are described below.
user - The name of the user that becomes the new owner.
usergroup - Name of the user group to which the user belongs.
file - Name of a file.
user typically refers to the user that owns the database instance
home. Oracle ASM File Access Control uses the operating system (OS)
name to identify a database.
ASMCMD> chown oracle:asmdata undotbs02.dbf
ASMCMD> ls --permission +OHSDBA/ASM/DATAFILE/undotbs02.dbf.256.911862393
User    Group    Permission  Name
oracle  asmdata  rw-rw----   undotbs02.dbf.256.911862393
ASMCMD> chown oracle1:asmdata undotbs02.dbf
ASMCMD> ls --permission +OHSDBA/ASM/DATAFILE/undotbs02.dbf.256.911862393
User     Group    Permission  Name
oracle1  asmdata  rw-rw----   undotbs02.dbf.256.911862393
ASMCMD>
groups: list the user groups a user belongs to
Lists all the user groups to which the specified user belongs.
groups diskgroup user
The options for the groups command are described below.
diskgroup - Name of the disk group to which the user belongs.
user - Name of the user.
ASMCMD> groups ohsdba oracle
asmdata
ASMCMD> groups ohsdba oracle1
ASMCMD> lsusr
DG_Name  User_Num  OS_ID  OS_Name
OHSDBA   1         500    oracle
OHSDBA   2         502    oracle1
ASMCMD>
grpmod: add or remove OS users in an ASM user group
Adds or removes operating system (OS) users to and from an
existing Oracle ASM user group.
grpmod { --add | --delete } diskgroup usergroup user [user...]
The options for the grpmod command are described below.
--add - Specifies to add users to the user group.
--delete - Specifies to delete users from the user group.
diskgroup - Name of the disk group to which the user group belongs
usergroup - Name of the user group.
user - Name of the user to add or remove from the user group.
ASMCMD> lsgrp -a
DG_Name  Grp_Name  Owner   Members
OHSDBA   asmdata   oracle  oracle
ASMCMD>
ASMCMD> grpmod --add ohsdba asmdata oracle1    -- add OS user oracle1 to the asmdata ASM user group
ASMCMD> lsgrp -a
DG_Name  Grp_Name  Owner   Members
OHSDBA   asmdata   oracle  oracle oracle1
ASMCMD>
lsgrp: list ASM user groups
Lists all Oracle ASM user groups or only groups that match a
specified pattern.
lsgrp [-a] [--suppressheader] [ -G diskgroup ] [ pattern ]
The options for the lsgrp command are described below.
-a - Lists all columns.
--suppressheader - Suppresses column headings.
-G diskgroup - Limits the results to the specified disk group name.
pattern - Displays the user groups that match the
pattern expression.
ASMCMD> lsgrp -a
DG_Name  Grp_Name  Owner   Members
OHSDBA   asmdata   oracle  oracle
ASMCMD> lsgrp
DG_Name  Grp_Name  Owner
OHSDBA   asmdata   oracle
ASMCMD> lsgrp ohsdba
DG_Name  Grp_Name  Owner
ASMCMD> lsgrp -G ohsdba
DG_Name  Grp_Name  Owner
OHSDBA   asmdata   oracle
ASMCMD>
lsusr: list the ASM users in a disk group
Lists Oracle ASM users in a disk group.
lsusr [-a] [--suppressheader] [ -G diskgroup ] [ pattern ]
The options for the lsusr command are described below.
-a - Lists all users and the disk groups to which
the users belong.
--suppressheader - Suppresses column headings.
-G diskgroup - Limits the results to the specified disk group name.
pattern - Displays the users that match the pattern expression.
ASMCMD> lsusr
DG_Name  User_Num  OS_ID  OS_Name
OHSDBA   1         500    oracle
ASMCMD>
ASMCMD> lsusr -G ohsdba
User_Num  OS_ID  OS_Name
1         500    oracle
ASMCMD>
lspwusr: list the users in the local ASM password file
Lists the users from the local Oracle ASM password file.
lspwusr [--suppressheader]
The options for the lspwusr command are described below.
--suppressheader - Suppresses column headers from the output.
ASMCMD> lspwusr
Username  sysdba  sysoper  sysasm
SYS       TRUE    TRUE     TRUE
ASMSNMP   FALSE   TRUE     FALSE
ASMCMD>
mkgrp: create an ASM user group
Creates a new Oracle ASM user group.
mkgrp diskgroup usergroup [user] [user...]
The options for the mkgrp command are described below.
diskgroup - Name of the disk group to which the user group
will be added.
usergroup - Name of the user group to add. 30 is the maximum
number of characters.
user - Name of the database user to add to the user group.
ASMCMD> mkgrp ohsdba asmdata oracle
ASMCMD>
mkusr: add an OS user to a disk group
Adds an operating system (OS) user to a disk group.
mkusr diskgroup user
The options for the mkusr command are described below.
diskgroup - Specifies the name of the disk group to which
the user is to be added.
user - Name of the user that you want to add.
[root@ohs1 ~]# useradd -g oinstall -G dba ohsdba
ASMCMD> mkusr ohsdba ohsdba
ORA-15032: not all alterations performed
ORA-15304: operation requires ACCESS_CONTROL.ENABLED attribute to be TRUE (DBD ERROR: OCIStmtExecute)
ASMCMD> lsattr -G ohsdba -l
Name                     Value
access_control.enabled   FALSE
access_control.umask     066
au_size                  1048576
cell.smart_scan_capable  FALSE
compatible.advm          11.2.0.0.0
compatible.asm           11.2.0.0.0
compatible.rdbms         11.2.0.0.0
disk_repair_time         8h
sector_size              512
ASMCMD> setattr access_control.enabled true -G ohsdba
ASMCMD> lsattr -G ohsdba -l
Name                     Value
access_control.enabled   true
access_control.umask     066
au_size                  1048576
cell.smart_scan_capable  FALSE
compatible.advm          11.2.0.0.0
compatible.asm           11.2.0.0.0
compatible.rdbms         11.2.0.0.0
disk_repair_time         8h
sector_size              512
ASMCMD>
ASMCMD> mkusr ohsdba oracle1
ASMCMD> lsusr
DG_Name  User_Num  OS_ID  OS_Name
OHSDBA   1         500    oracle
OHSDBA   2         502    oracle1
ASMCMD>
passwd: change the password of an ASM instance user
Changes the password of a user.
passwd user
The options for the passwd command are described below.
user - Name of the user.
An error is raised if the user does not exist in the Oracle ASM
password file. The user is first prompted for the current password,
then the new password. The command requires the SYSASM privilege to run.
ASMCMD> lspwusr
Username  sysdba  sysoper  sysasm
SYS       TRUE    TRUE     TRUE
ASMSNMP   FALSE   TRUE     FALSE
ASMCMD> passwd sys
Enter old password (optional):
Enter new password: ******
ASMCMD> passwd asmsnmp
Enter old password (optional):
Enter new password: ******
ASMCMD>
orapwusr: add, drop, or modify a user in the ASM password file
Add, drop, or modify an Oracle ASM password file user.
orapwusr { { { --add | --modify [--password] }[--privilege {sysasm|sysdba|sysoper} ] } | --delete } user
The options for the orapwusr command are described below.
--add - Adds a user to the password file. Also prompts
for a password.
--delete - Drops a user from the password file.
--modify - Changes a user in the password file.
--privilege role - Sets the role for the user. The options are
sysasm, sysdba, and sysoper.
--password - Prompts for and then changes the password
of a user.
user - The user to add, drop, or modify.
ASMCMD> orapwusr --add --privilege sysdba robin
Enter password: ******
ASMCMD> lspwusr
Username  sysdba  sysoper  sysasm
SYS       TRUE    TRUE     TRUE
ASMSNMP   FALSE   TRUE     FALSE
ROBIN     TRUE    FALSE    FALSE
ASMCMD>
rmgrp: remove a user group from a disk group; after removal, the group of the files it previously owned becomes empty
Removes a user group from a disk group.
rmgrp diskgroup usergroup
The options for the rmgrp command are described below.
diskgroup - Name of the disk group to which the user group belongs
usergroup - Name of the user group to delete.
Note that removing a group might leave some files without a valid group.
To ensure that those files have a valid group, explicitly update those
files to a valid group. See "chgrp".
ASMCMD> rmgrp ohsdba asmdata
ASMCMD> lsgrp -a
DG_Name  Grp_Name  Owner  Members
ASMCMD> lsusr -a
DG_Name  User_Num  OS_ID  OS_Name
OHSDBA   1         500    oracle
ASMCMD>
ASMCMD> ls --permission +OHSDBA/ASM/DATAFILE/undotbs02.dbf.256.911862393
User    Group  Permission  Name
oracle         rw-rw----   undotbs02.dbf.256.911862393
ASMCMD>
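A check for the two conditions visible in the listings on this page: permissions granted to other users (the rw-rw-rw- REGISTRY file in the chgrp section) and files left with an empty owner or group column (as after rmgrp). This is an added example, not Oracle code; audit_permissions is a hypothetical name, and the sample listing is constructed, with a made-up third file name.

```python
import re

# The Permission column: three rw- triplets, as in the listings on this page.
PERM = re.compile(r"(?<!\S)((?:[r-][w-]-){3})(?!\S)")

# Constructed sample in the shape of `ls --permission` output. The first two
# file names appear on this page; users.259.911862401 is invented.
SAMPLE = """\
User     Group    Permission  Name
oracle   asmdata  rw-rw----   undotbs02.dbf.256.911862393
         asmdata  rw-rw-rw-   REGISTRY.253.911689503
oracle            rw-rw----   users.259.911862401
"""


def audit_permissions(listing):
    """Return [(file name, [issues])] for entries that need attention."""
    findings = []
    for line in listing.splitlines():
        m = PERM.search(line)
        if not m:
            continue  # header, prompt, directory entry or blank line
        owners = line[:m.start()].split()   # User and Group columns
        perm = m.group(1)
        name = line[m.end():].strip()
        issues = []
        if perm[6:] != "---":
            granted = perm[6:].replace("-", "")
            issues.append(f"other users have {granted} access")
        if len(owners) < 2:
            # One column is blank, e.g. the group after rmgrp.
            issues.append("owner or group is empty")
        if issues:
            findings.append((name, issues))
    return findings


if __name__ == "__main__":
    for name, issues in audit_permissions(SAMPLE):
        print(name + ": " + "; ".join(issues))
```

Files reported with an empty group can be assigned a valid one with chgrp, and access for other users can be removed with chmod o-rw.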
rmusr: delete an OS user from a disk group
Deletes an operating system (OS) user from a disk group.
rmusr [-r] diskgroup user
The options for the rmusr command are described below.
-r - Removes all files in the disk group that the user
owns at the same time that the user is removed.
diskgroup - Specifies the name of the disk group from which
the user is to be deleted.
user - Name of the user that you want to delete.
ASMCMD> rmusr ohsdba oracle1
ORA-15032: not all alterations performed
ORA-15280: user 'oracle1' owns existing files (DBD ERROR: OCIStmtExecute)
ASMCMD>
ASMCMD> ls --permission +OHSDBA/ASM/DATAFILE/undotbs02.dbf.256.911862393
User     Group    Permission  Name
oracle1  asmdata  rw-rw----   undotbs02.dbf.256.911862393
ASMCMD> chown oracle.asmdata +OHSDBA/ASM/DATAFILE/undotbs02.dbf.256.911862393
ASMCMD>
ASMCMD> rmusr ohsdba oracle1
ASMCMD> lsusr -a
DG_Name  User_Num  OS_ID  OS_Name
OHSDBA   1         500    oracle
ASMCMD>