Objectives • Setting up operating system and password file authentication • Creating the parameter file • Starting up an instance and opening the... Every time an instance is started, Or
Trang 1
3
Managing
an Oracle Instance
Trang 3Objectives
3-2 Copyright Oracle Corporation, 1998 All rights reserved.
Objectives
• Setting up operating system and
password file authentication
• Creating the parameter file
• Starting up an instance and opening the
Trang 4An Oracle database is not available to users until the database administrator
has started the instance and opened the database
During a database startup, the following events occur that take the Oracle
database through various stages:
1 Start an instance
2 Mount the database
3 Open the database
Every time an instance is started, Oracle uses a parameter file, which
contains initialization parameters, to allocate the SGA and to start the
background processes
If an instance is started or a database is open, you can follow these steps to
shut down the database:
1 Close the database
2 Dismount the database
3 Shut down the instance
When a database is closed, users cannot access it Starting up and shutting
down are covered in detail later in this lesson
3-3 Copyright Oracle Corporation, 1998 All rights reserved.
User
process
Server process
PGA
Password file
ALERT file Parameter file
Overview
Control files
Data files Redo log files
Instance SGA Shared pool
Trang 5Validating Privileged Users
Validating Privileged Users
3-4 Copyright Oracle Corporation, 1998 All rights reserved.
Database Administrator Users
• Automatically created
• Granted the DBA role
The two database administrator users
SYS and SYSTEM are:
3-5 Copyright Oracle Corporation, 1998 All rights reserved.
User SYS and SYSTEM
Trang 6The Database Administrator Users
Extra privileges are necessary to execute administrative duties in Oracle
such as creating users These operations must be performed by database
administrators
Two database user accounts, SYS and SYSTEM, are automatically created
with the database and granted the DBA role—that is, a predefined role that is
automatically created with every database The DBA role has all database
system privileges
Note
This subject is covered in more detail in the lesson “Managing Privileges.”
SYS
When a database is created, the user SYS, identified initially by the
password CHANGE_ON_INSTALL, is automatically created and granted
the DBA role
All of the base tables and views for the data dictionary are stored in the
schema SYS
SYSTEM
When a database is created, the user SYSTEM, identified initially by the
password MANAGER, is also automatically created and granted the DBA
role privileges for the database
In the schema SYSTEM, additional tables and views are created that contain
administrative information used by Oracle tools
Note
You will probably want to create at least one additional administrator
username to use when performing daily administrative tasks
Instructor Note
Briefly define the term schema as a synonym of user and explain that this
subject will be covered in more detail in the security lessons
Trang 7Validating Privileged Users
Connecting with Administrator Privileges
In some cases the database administrator needs a special authentication
method, because the database may not be open, especially for operations
like shutdown and startup
Depending on whether you want to administer your database locally on the
same machine on which the database resides or to administer many different
database servers from a single remote client, you can choose either operating
system authentication or password files to authenticate database
Use OS authentication
Use a password fileAuthentication Methods
Trang 8Setting up the user to be authenticated by an operating system authentication
on a UNIX system is different from setting up a user for authentication on an
NT system
UNIX
1 The user must be a member of the UNIX group, usually called dba, that
is created before the Oracle Server is installed The installer assigns
Oracle database administrator and operator privileges to this UNIX
group
2 View the files /etc/group and /etc/passwd to determine the members of
the UNIX group
The following lines are an excerpt from the /etc/passwd file:
• Set up the user to be authenticated by
the operating system.
Trang 9Validating Privileged Users
3 Make sure that the REMOTE_LOGIN_PASSWORDFILE parameter is
NONE, which is the default value for this parameter
4 Connect to the database with the privilege SYSDBA or SYSOPER—
these are special database administrator privileges This implies
connecting in the schema owned by SYS:
CONNECT / AS {SYSDBA |SYSOPER }
Note
Using the privileges SYSDBA and SYSOPER is covered in the lesson
“Managing Privileges.”
NT
1 Create a new local Windows NT users’ group called ORA_<SID>_DBA
and ORA_<SID>_OPER that is specific to an instance, or ORA_DBA
and ORA_OPER that is not specific to an instance
2 Add a Windows NT operating system user to that group Once you
access this domain, you are automatically validated as an authorized
DBA
3 Set the REMOTE_LOGIN_PASSWORDFILE to NONE
4 Connect to the database with the privilege SYSDBA or SYSOPER:
CONNECT / AS { SYSDBA|SYSOPER }
Note
• To connect to a Windows NT server from a local, remote Windows NT
or Windows 95 client, NET8 must be installed on both the client and the
server
• The use of the command CONNECT INTERNAL used with earlier
versions of Oracle has been replaced by the new syntax:
CONNECT INTERNAL/pw AS SYSDBA
CONNECT INTERNAL continues to be supported for backward
compatibility only
• Oracle no longer supports setting DBA_AUTHORIZATION parameter
in the registry to BYPASS to enable connections without the use of a
password
Trang 10Using Password File Authentication
Oracle provides a password utility that allows connection to the Oracle
Server using a standard username and password, but that connects the user
to the SYS schema instead of as the username provided Access to the
database using the password file is provided by special GRANT commands
issued by privileged users (see the lesson “Managing Privileges.”)
Using a Password File on a UNIX and an NT Server
1 Create the password file using the password utility ORAPWD on UNIX
or ORAPWD80 on NT
orapwd file=<fname> password=<password> entries=<entries>
where:
database administratorsThe following command creates a password file with the password
“admin” for the user SYS and INTERNAL and accepts up to five users
with different passwords:
$orapwd file=$ORACLE_HOME/dbs/orapwU15 password=admin entries=5
3-8 Copyright Oracle Corporation, 1998 All rights reserved.
Using Password File Authentication
• Create the password file using the
Trang 11Validating Privileged Users
2 Set the REMOTE_LOGIN_PASSWORDFILE parameter to
EXCLUSIVE or SHARED
where:
EXCLUSIVE indicates that only one instance can use the
password file and that the password filecontains other names than SYS andSYSTEM
SHARED indicates that more than one instance can
use the password file (The only usersrecognized by the password file are SYS
• The password for INTERNAL is “oracle,” if Oracle is installed through
the Oracle8 Enterprise Edition option You can set the password during
installation by using the Custom installation option
Trang 12Changing the Internal Password
On UNIX and NT, delete the existing password file and create a new
password file using the ORAPWD utility
In addition, on NT you can use the ORADIM80 utility to recreate the
password file
C:\>ORADIM80 -NEW -SID sid [-INTPWD internal_pwd][SRVC svrcname] [MAXUSERS n][STARTMODE auto, manual][-PFILE filename]
where:
sid specifies the instance name
internal_pwd is the password for the internal account
n is the maximum number of entries of the
password file
auto or manual indicates whether the service start mode is
manual or automatic
used to configure the instance
3-9 Copyright Oracle Corporation, 1998 All rights reserved.
Changing the Internal Password
• Use the password utility on NT and UNIX
to delete and create the password file.
or
• Use the ORADIM80 utility on NT to delete
and create a new password file.
Trang 13Validating Privileged Users
To change the INTERNAL password, follow the steps:
1 Delete the SID for the password you want to change:
C:\> ORADIM80 -DELETE -SID sid
where sid is the SID to delete
2 Create the same SID again and specify a new INTERNAL password:
C:\> ORADIM80 -NEW -SID sid -INTPWD internal_pwd - MAXUSERS N
where SID is the same SID to recreate
Instructor Note
For more information about the ORADIM80 utility see the manual Oracle8
Enterprise Edition Getting Started Release 8.0.4 for Windows NT.
Trang 14Creating a Parameter File
The parameter file, commonly referred to as the init<SID>.ora file, is a text
file that can be maintained using a standard operating system editor
By default, it is located in the $ORACLE_HOME/dbs directory on a UNIX
machine and in the %ORACLE_HOME%\database directory on NT
The parameter file is read only during instance startup If the file is modified,
shut down and restart the instance to make the new parameter values
effective
Note
Oracle Enterprise Manager must be able to read the parameter file to start an
instance of a database Therefore starting a remote instance or database
requires the parameter file to be stored on the computer that is executing
Oracle Enterprise Manager
However, Oracle Enterprise Manager can also store the parameter
configurations This enables you to create multiple database startup
configurations without the need to track initialization parameter files Stored
configurations exist in the registry and not as external files
3-10 Copyright Oracle Corporation, 1998 All rights reserved.
The Initialization Parameter File
SVRMGR> CONNECT / AS SYSDBA
SVRMGR> STARTUP PFILE=/DISK1/initU15.ora
initU15.ora
Instance SGA Shared pool
Library cache Redo log
buffer
PMON DBWR SMON CKPT LGWR ARCH
Database buffer cache
Data dictionary cache
Trang 15Creating a Parameter File
To create or modify a stored configuration:
1 Use Instance Manager
2 Select Initialization Parameters
3 Choose Save on one of the property sheets
4 Enter a configuration name in the Configuration property sheet
Instructor Note
The parameter file can also reside on a device mounted by the computer, for
example, in a shared directory in an NFS mounted file system
Uses of Parameters
The parameters in the init <SID>.ora file can have a significant effect on
database performance, and some need to be modified in the following ways
for production systems:
• Size the System Global Area (SGA) components to optimize
performance
• Set database and instance defaults
• Set database limits
• Define (on database creation only) various physical attributes of the
database, such as the database block size
• Specify control files, archived log files, and trace file locations
Rules for Specifying Parameters
• Specify the values in the following format: keyword=value
• All parameters are optional
• The server has a default value for each parameter
• Parameters can be specified in any order
• Comment lines begin with the # symbol
• Enclose parameters in double quotation marks to include character
literals
• Additional files can be included with the keyword IFILE
• If case is significant for the operating system, then it is also significant in
filenames
• Multiple values are enclosed in parentheses and separated by commas
Note
Develop a standard for listing parameters; either list them alphabetically or
group them by functionality
Trang 163-11 Copyright Oracle Corporation, 1998 All rights reserved.
Parameter File Example
# Initialization Parameter File: initU15.ora
Trang 17Creating a Parameter File
Parameters That Should Be Specified
Instructor Note
These are only a few examples; the following lessons cover more
initialization parameters For a complete list, see the manual Oracle8
Reference, Release 8.0.
BACKGROUND_DUMP_DEST Location where background process trace files
are written
COMPATIBLE Version of the server with which this instance
should be compatible The default is 8.0.0CONTROL_FILES Names of the control files
DB_BLOCK_BUFFERS Number of blocks cached in the SGA The default
and the minimum is 50 buffers
DB_NAME Database identifier of eight characters or fewer
This is the only parameter that is required whencreating a new database
SHARED_POOL_SIZE Size in bytes of the shared pool
The default is 3500000
USER_DUMP_DEST Location where user trace files are created
Trang 18Commonly Modified Parameters
IFILE Name of another parameter file to be
embedded within the current parameterfile Up to three levels of nesting ispossible
LOG_BUFFER Number of bytes allocated to the redo log
buffer in the SGA
MAX_DUMP_FILE_SIZE Maximum size of the trace files, specified
as number of operating system blocks.PROCESSES Maximum number of operating system
processes that can connect simultaneously
to this instance
SQL_TRACE Enable or disable the SQL trace facility
for every user session
TIMED_STATISTICS Enable or disable timing in trace files and
in monitor screens
Trang 19Stages in Startup and Shutdown
Stages in Startup and Shutdown
Starting Up in Stages
When starting the database, you choose the state in which it starts
The following scenarios describe different stages of starting up an instance
Starting the Instance
Usually you would start an instance without mounting a database, only
during database creation or the recreation of control files
Starting an instance includes the following tasks:
• Reading the parameter file init<SID>.ora
• Allocating the SGA
• Starting the background processes
• Opening trace and ALERT files
The database must be named either with the DB_NAME parameter in the
init<SID>.ora file or in the STARTUP command.
3-12 Copyright Oracle Corporation, 1998 All rights reserved.
Control file opened for this instance.
Instance started.
SH
U TD
O WN STARTUP
Startup and Shutdown in Stages
Trang 20Mounting the Database
To perform specific maintenance operations, you start an instance and mount
a database, but do not open the database
For example, the database must be mounted but not open during the
following tasks:
• Renaming data files
• Enabling and disabling redo log archiving options
• Performing full database recovery
Mounting a database includes the following tasks:
• Associating a database with a previously started instance
• Locating and opening the control files specified in the parameter file
• Reading the control files to obtain the names and status of the data files
and redo log files (However, no checks are performed to verify the
existence of the data files and online redo log files at this time.)
Opening the Database
Normal database operation means that an instance is started and the database
is mounted and open; this allows any valid user to connect to the database
and perform typical data access operations
Opening the database includes the following tasks:
• Opening the online data files
• Opening the online redo log files
If any of the s or online redo log files are not present when you attempt to
open the database, Oracle returns an error
During this final stage, Oracle verifies that all the s and online redo log files
can be opened, and checks the consistency of the database If necessary, the
background process System Monitor (SMON) initiates instance recovery