Installing and Configuring Oracle Database 10g on the Linux Platform

Installing and Configuring Oracle Database 10g on the Linux Platform

by Roger Schrag
Database Specialists, Inc.

About Database Specialists, Inc.
Database Specialists, Inc. provides remote DBA services and onsite database support for your mission critical Oracle systems. Since 1995, we have been providing Oracle database consulting in Solaris, HP-UX, Linux, AIX, and Windows environments. We are DBAs, speakers, educators, and authors. Our team is continually recognized by Oracle, at national conferences and by leading trade publications. Learn more about our remote DBA, database tuning, and consulting services. Or, call us at 415-344-0500 or 888-648-0500.

Introduction

This paper will walk you through the steps of installing Oracle Database 10g release 2 (Oracle version 10.2.0) in a Linux environment. About 90% of the material presented here applies to other platforms as well. Everything you read in this paper is hands on, roll-up-your-sleeves-and-get-busy material for Oracle users who want to get an Oracle database up and running quickly without reading hundreds of pages of documentation and “readme” files.

These steps are meant to get you up and running as fast as possible, while leveraging best practices in order to set up a scalable, robust database environment that offers high performance. In order to keep the steps reasonably simple this paper does not cover Real Application Clusters (RAC), nor does it cover Oracle Internet Directory (OID), Automatic Storage Management (ASM), or Grid Control.

In this paper we will install the 10.2.0.2 release of Oracle Database 10g. This is the base distribution of Oracle Database 10g release 2 (10.2.0.1) with the 10.2.0.2 patch set applied on top. Be sure to check Oracle Support’s Metalink at http://metalink.oracle.com to see if a newer patch set has been released since this paper was published. You will need a valid Customer Service Identifier (CSI) number in order to access the Metalink website.

We ran our Oracle installations on Dell servers equipped with Intel Xeon and Pentium processors running Red Hat Enterprise Linux ES release 4, update 2. Oracle Database 10g is supported on other processor architectures and Linux distributions as well. Note that with Red Hat Enterprise Linux, the ES and AS varieties are supported while WS is not.

There are four phases to getting Oracle up and running on your server:

Prepare the server
Install the Oracle software and latest patch set
Create a database
Complete the server configuration

We will walk through these phases one at a time, detailing all the steps involved. The end result will be a very usable database that can be scaled up quite large, and an Oracle installation that follows industry-recognized best practices. Of course, every implementation is unique, and you will need to evaluate each step carefully against your particular requirements. However, this paper will get you off to a very solid start.

Prepare the Server

These steps configure your database server so that it will be ready to accept the Oracle software and database. In this section, we will make sure your server meets Oracle’s minimum requirements, create a Linux user and group to “own” the software, and create some directories that will be used by the Oracle software and database. All of the steps in this section are run as the root user.

Make sure that your hardware platform (processor architecture) is certified by Oracle Corporation for use with Oracle Database 10g release 2, and that you have acquired the correct distribution of Oracle software for your hardware platform. As of May 2006, the supported hardware platforms for Oracle on Linux are as follows:

Supported Hardware Platforms for Oracle Database 10g release 2

x86 (Intel and AMD processor chips that adhere to the x86 32-bit architecture)

x86-64 (AMD64/EM64T and Intel processor chips that adhere to the x86-64 architecture)

Itanium

IBM Power (Power 4+, 5, 5+, and PowerPC chip sets)

Supported Hardware Platforms for Oracle Database 10g release 2
x86 (Intel and AMD processor chips that adhere to the x86 32-bit architecture)
x86-64 (AMD64/EM64T and Intel processor chips that adhere to the x86-64 architecture)
Itanium
IBM Power (Power 4+, 5, 5+, and PowerPC chip sets)

The following commands can be used to identify the processor architecture on your database server:

      $ uname -m
      $ grep "model name" /proc/cpuinfo

Make sure that your Linux distribution is certified by Oracle Corporation for use with Oracle Database 10g release 2. Note that certifications vary by hardware platform. As of May 2006, the supported Linux distributions are as follows:

Supported Linux Distributions for Oracle Database 10g release 2

Red Hat Enterprise Linux AS/ES 4

Red Hat Enterprise Linux AS/ES 3 update 4 or later (x86, x86-64, and Itanium only)

SUSE Linux Enterprise Server 9.0 with SP2 or later

SUSE Linux Enterprise Server 8.0 with SP4 or later (Itanium only)

Asianux 2.0 (x86 only)

Asianux 1.0 (x86 only)

Supported Linux Distributions for Oracle Database 10g release 2
Red Hat Enterprise Linux AS/ES 4
Red Hat Enterprise Linux AS/ES 3 update 4 or later (x86, x86-64, and Itanium only)
SUSE Linux Enterprise Server 9.0 with SP2 or later
SUSE Linux Enterprise Server 8.0 with SP4 or later (Itanium only)
Asianux 2.0 (x86 only)
Asianux 1.0 (x86 only)

Be sure to check Oracle Support’s Metalink for the latest certification information, because it is quite possible that Oracle Database 10g realse 2 has been certified with additional Linux distributions or hardware platforms since this paper was written.

On systems running Red Hat distributions of Linux, you can use the following command to determine exactly which version and update of Red Hat you are using:

      $ cat /etc/redhat-release

Make sure that all of the required operating system packages have been installed on the database server. Which packages and versions are required will vary depending on your Linux distribution and hardware platform. The package version specified is typically a minimum, meaning that newer versions of the package are usually acceptable.

Required Packages for Red Hat Enterprise Linux 4
and Asianux 2.0 (x86 Hardware Platform)

binutils-2.15.92.0.2-13.EL4

compat-db-4.1.25-9

compat-libstdc++-296-2.96-132.7.2

control-center-2.8.0-12

gcc-3.4.3-22.1.EL4

gcc-c++-3.4.3-22.1.EL44

glibc-2.3.4-2.9

glibc-common-2.3.4-2.9

gnome-libs-1.4.1.2.90-44.1

libstdc++-3.4.3-22.1

libstdc++-devel-3.4.3-22.1

make-3.80-5

pdksh-5.2.14-30

sysstat-5.0.5-1

xscreensaver-4.18-5.rhel4.2

setarch-1.6-1

Required Packages for Red Hat Enterprise Linux 3
and Asianux 1.0 (x86 Hardware Platform)

make-3.79.1

gcc-3.2.3-34

glibc-2.3.2-95.20

compat-db-4.0.14-5

compat-gcc-7.3-2.96.128

compat-gcc-c++-7.3-2.96.128

compat-libstdc++-7.3-2.96.128

compat-libstdc++-devel-7.3-2.96.128

openmotif21-2.1.30-8

setarch-1.3-1

Required Packages for Red Hat Enterprise Linux 4
(x86-64 Hardware Platform)

binutils-2.15.92.0.2-13

compat-db-4.1.25-9

compat-libstdc++-33-3.2.3-47.3

control-center-2.8.0-12

gcc-3.4.3-9.EL4

gcc-c++-3.4.3-9.EL4

glibc-2.3.4-2

glibc-common-2.3.4-2

glibc-devel-2.3.4-2.9 (both 32 and 64 bit required)

glibc-headers-2.3.4-2.9

glibc-kernheaders-2.4-9.1.87

gnome-libs-1.4.1.2.90-44.1

libaio-0.3.103-3 (both 32 and 64 bit required)

libstdc++-3.4.3-9.EL4

libstdc++-devel-3.4.3-9.EL4

make-3.80-5

pdksh-5.2.14-30

sysstat-5.0.5-1

xscreensaver-4.18-5.rhel4.2

Required Packages for Red Hat Enterprise Linux 3
(x86-64 Hardware Platform)

make-3.79.1-17

compat-db 4.0.14-5.1

control-center-2.2.0.1-13

gcc-3.2.3-47

gcc-c++-3.2.3-47

gdb-6.1post-1.20040607.52

glibc-2.3.2-95.30

glibc-common-2.3.2-95.30

glibc-devel-2.3.2-95.30

glibc-devel-2.3.2-95.20 (32 bit)

compat-db-4.0.14-5

compat-gcc-7.3-2.96.128

compat-gcc-c++-7.3-2.96.128

compat-libstdc++-7.3-2.96.128

compat-libstdc++-devel-7.3-2.96.128

gnome-libs-1.4.1.2.90-34.2 (32 bit)

libstdc++-3.2.3-47

libstdc++-devel-3.2.3-47

openmotif-2.2.3-3.RHEL3

sysstat-5.0.5-5.rhel3

setarch-1.3-1

libaio-0.3.96-3

libaio-devel-0.3.96-3

Required Packages for SUSE Linux Enterprise Server 9.0
(x86 and x86-64 Hardware Platforms)

binutils-2.15.90.0.1.1-32.5

gcc-3.3.3-43.24

gcc-c++-3.3.3-43.24

glibc-2.3.3-98.28

gnome-libs-1.4.1.7-671.1

libstdc++-3.3.3-43.24

libstdc++-devel-3.3.3-43.24

make-3.80-184.1

pdksh-5.2.14-780.1

sysstat-5.0.1-35.1

xscreensaver-4.16-2.6

You can use the following command to verify that a package has been installed:

      $ rpm -q <package name>

The following command will verify all of the packages required on Red Hat Enterprise Linux 4 (x86) systems:

      $ rpm -q binutils compat-db compat-libstdc++-296 control-center gcc \
               gcc-c++ glibc glibc-common gnome-libs libstdc++ libstdc++-devel \
               make pdksh sysstat xscreensaver setarch

If you are planning to install Red Hat Enterprise Linux 4 on an x86 or x86-64 server, you will likely find that all of the necessary packages are loaded for you if you select “Customize” during the package group selection phase of the Linux installation, followed by choosing the “Everything” option.

Note that in some cases both the 32 bit and 64 bit architecture of an RPM are required. You can verify that both have been installed with a command similar to the following:

      $ rpm -qa --queryformat "%{NAME}-%{VERSION}-%{RELEASE} (%{ARCH})\n" | grep libaio

You will need to perform the Oracle installation from an X window environment—you cannot use a character mode environment such as an SSH or telnet session. There is a facility for performing non-interactive installations (“silent” installs), but we won’t be covering that technique here. Your X environment can be the console on the database server, but it does not need to be. You can also use a Windows X emulator like Cygwin. If the database server is in a remote location, you can use SSH to securely forward X traffic from the database server back to your desktop. You can also use VNC to install remotely. We have run installations from a Windows desktop using both Cygwin and VNC and have had no problems with either. Over slow networks, VNC seems to be faster than X.
Make sure that your hardware is sufficient. You’ll need at least 1024 Mb RAM, a swap space at least the size of physical memory (or 1.5 times the amount of physical memory if you has 2 Gb or less of RAM) , and a bare minimum of 2.6 Gb of disk space. This will let you perform a “typical” Enterprise or Standard Edition software installation from CD or DVD and create a starter database. If you will be downloading the Oracle software from Oracle Technology Network at http://www.oracle.com/technology, you will need about 1.4 Gb of additional disk space to download and unpack the Oracle software. A production implementation typically requires more RAM and more disk space than the minimums listed here. The following commands will allow you to check physical memory and swap space:
```
      $ grep MemTotal /proc/meminfo
      $ grep SwapTotal /proc/meminfo
```
The Oracle installer will need access to a directory with at least 400 Mb of free space for writing temporary files during installation. Usually /tmp serves this purpose. If /tmp on your database server has less than 400 Mb of free space, then you will need to locate another directory with sufficient free space for use during the installation.

Make sure that the Linux kernel on the database server has parameters set sufficiently high for Oracle. The Oracle architecture makes extensive use of shared memory segments for sharing data among multiple processes and semaphores for handling locking. Many operating systems, including Linux, do not by default offer sufficient shared memory or semaphores for optimal Oracle performance. Thankfully, you can change kernel parameters in Linux simply by editing the /etc/sysctl.conf file and rebooting the server. The following script will show the current settings of the Linux kernel parameters relevant to Oracle:

      K="/tmp/kernelparams$$"
      /sbin/sysctl -a > $K 2> /dev/null
      grep kernel.shm $K
      echo "`grep sem $K | tr '\t' ' '` # semmsl semmns semopm semmni"
      grep file-max $K
      grep ip_local_port_range $K | tr '\t' ' '
      grep rmem_default $K
      grep rmem_max $K
      grep wmem_default $K
      grep wmem_max $K
      rm -f $K

The following table shows the purpose of each of these kernel parameters and a recommended setting to get you started:

Kernel
Parameter Setting To Get
You Started Purpose

shmmni 4096 Maximum number of shared memory segments

shmall 2097152 Maximum total shared memory (4 Kb pages)

shmmax 2147483648 Maximum size of a single shared memory segment

semmsl 250 Maximum number of semaphores per set

semmns 32000 Maximum number of semaphores

semopm 100 Maximum operations per semop call

semmni 128 Maximum number of semaphore sets

file-max 65536 Maximum number of open files

ip_local_port_range 1024 - 65000 Range of ports to use for client connections

rmem_default 1048576 Default TCP/IP receive window

rmem_max 1048576 Maximum TCP/IP receive window

wmem_default 262144 Maximum TCP/IP send window

wmem_max 262144 Maximum TCP/IP send window

Kernel Parameter	Setting To Get You Started	Purpose
shmmni	4096	Maximum number of shared memory segments
shmall	2097152	Maximum total shared memory (4 Kb pages)
shmmax	2147483648	Maximum size of a single shared memory segment
semmsl	250	Maximum number of semaphores per set
semmns	32000	Maximum number of semaphores
semopm	100	Maximum operations per semop call
semmni	128	Maximum number of semaphore sets
file-max	65536	Maximum number of open files
ip_local_port_range	1024 - 65000	Range of ports to use for client connections
rmem_default	1048576	Default TCP/IP receive window
rmem_max	1048576	Maximum TCP/IP receive window
wmem_default	262144	Maximum TCP/IP send window
wmem_max	262144	Maximum TCP/IP send window

These settings will be appropriate for most systems. If you decide to configure a very large buffer cache or library cache for your database down the road, or if you choose to run a large number of databases on one server, then you may need to increase the shmall setting and possibly the shmmax setting as well. In addition, if you configure your database to allow a large number of concurrent sessions without using Oracle's shared server architecture, then you may need to increase the semmsl and semmns settings as well.

Note that these recommended settings assume you have no other applications running on the database server that use shared memory segments or semaphores. You can view current shared memory and semaphore usage on your system with the following command:

      $ ipcs

In general, if your Linux kernel already has any of these parameters set larger than recommended here, you should not reduce the settings. If you do change any kernel parameter settings in /etc/sysctl.conf, then reboot the server so that the new settings will take effect.

We added the following lines to the end of our /etc/sysctl.conf file:

      # Kernel parameter settings for Oracle
      kernel.shmmni = 4096
      kernel.shmall = 2097152
      kernel.shmmax = 2147483648
      kernel.sem = 250 32000 100 128
      net.ipv4.ip_local_port_range = 1024 65000
      net.core.rmem_default = 1048576
      net.core.rmem_max = 1048576
      net.core.wmem_default = 262144
      net.core.wmem_max = 262144

If you are using SUSE Linux, then you must run the following command before rebooting the server to ensure that the /etc/sysctl.conf file will be read during reboot:

      $ /sbin/chkconfig boot.sysctl on

Create a Linux group that will be used by the Oracle software owner. You can call it anything you like, but the standard is “oinstall”. This group is often called the “Oracle Inventory” group. If you will be installing Oracle on multiple servers on your network, you might want to keep the groupid the same on all servers. You can create your oinstall group with a command like:
```
      $ /usr/sbin/groupadd -g 501 oinstall
```
Create a Linux group that will be used by Oracle database administrators. You can call it anything you like, but the standard is “dba”. Anybody who logs onto the database server with a Linux login that belongs to this group will be able to log onto all databases that run from this Oracle software installation with DBA privileges. If you will be installing Oracle on multiple servers on your network, you might want to keep the groupid the same on all servers. You can create your dba group with a command like:
```
      $ /usr/sbin/groupadd -g 502 dba
```
Create a Linux user that will be the Oracle software owner. You can call it anything you like, but the standard is “oracle”. If you will be installing Oracle on multiple servers on your network, you might want to keep the userid the same on all servers. Note that this user’s home directory will not be the ORACLE_HOME or where the actual Oracle software is installed; this user’s home directory should be in the same place as other users’ home directories.
The Oracle software owner should have the oinstall group as the primary group and the dba group as a secondary group. You can create your oracle user with commands like:
```
      $ /usr/sbin/useradd -c 'Oracle software owner' -d /home/oracle \
                          -g oinstall -G dba -m -u 501 -s /bin/bash oracle
      $ passwd oracle
```
The useradd command shown here give your oracle user the Bash shell. You could just as easily choose Korn or Bourne shell instead.

For larger systems, it will be necessary to increase limits that the shell imposes on the oracle user for maximum number of open file descriptors and processes. Follow these steps to increase the limits:

Add the following lines in the /etc/security/limits.conf file:

      oracle           soft    nproc   2047
      oracle           hard    nproc   16384
      oracle           soft    nofile  1024
      oracle           hard    nofile  65536

Add the following lines to the /etc/pam.d/login file, if they are not already present:

      session    required     /lib/security/pam_limits.so
      session    required     pam_limits.so

Add the following lines in the /etc/profile file (or the /etc/profile.local file on SUSE systems) if the oracle user uses the Bash, Korn or Bourne shell:

      if [ $USER = "oracle" ]; then
              if [ $SHELL = "/bin/ksh" ]; then
                    ulimit -p 16384
                    ulimit -n 65536
              else
                    ulimit -u 16384 -n 65536
              fi
      fi

If the oracle user uses the C shell, then add the following lines in the /etc/csh.login file (or the /etc/csh.login.local file on SUSE systems):
```
      if ( $USER == "oracle" ) then
              limit maxproc 16384
              limit descriptors 65536
      endif
```

Create mount points for the Oracle software and the Oracle database. Each mount point should correspond to a separate physical device or set of devices. You’ll need at least one mount point. Typically you use one mount point for the Oracle software and one or more mount points for each database. One common convention is to call the mount points /u01, /u02, and so on. Because mount points are typically owned by root and the Oracle installer will run as the oracle user and not as root, you should create some subdirectories now to avoid permission problems later. Create an app/oracle subdirectory below the software mount point, and oradata subdirectories below the mount points to be used for database files. (You can put software and a database on the same mount point if you wish.) Make these subdirectories owned by the oracle user and oinstall group, and give them 775 permissions. You can use commands like:
```
      $ mkdir /u01/app /u01/app/oracle /u01/oradata
      $ chown oracle:oinstall /u01/app /u01/app/oracle /u01/oradata
      $ chmod 775 /u01/app /u01/app/oracle /u01/oradata
```
If you downloaded the Oracle software Oracle Technology Network, then use unzip to unpack the distribution. If you have the software on CD or DVD, then mount the Oracle Database 10g release 2 media now.

Install the Oracle Software and Latest Patch Set

These steps install the Oracle software and latest patch set on your server. As of this writing, Oracle release 10.2.0.1 is the only version of Oracle Database 10g release 2 available for download from Oracle Technology Network or available on CD or DVD media. However, the current patch set is 10.2.0.2. Therefore, we will install Oracle release 10.2.0.1 and apply patch set 10.2.0.2 on top of the installation. Before proceeding with the steps in this section, you should check Oracle Technology Network (http://www.oracle.com/technology) and Oracle Support’s Metalink (http://metalink.oracle.com) to see if any newer releases and/or patch sets are available.

The Oracle Universal Installer will suggest creating a database at the same time that it installs the Oracle software. It will be better to hold off on database creation until after the latest patch set has been applied—this will allow us to avoid having to patch the newly created database when installing the patch set.

In this section, we will prepare the oracle user’s environment, run the Oracle Universal Installer twice (once to install the base release and once to install the latest patch set), and tidy up a few minor loose ends. All of the steps in this section, except where noted, are run as the oracle user.

Edit the oracle user’s login file on the database server so that the environment will be configured automatically on login. If you are using Bash shell, then edit .bash_profile. If you are using Bourne or Korn shell, then edit .profile. You can also use C shell and edit .cshrc, but the syntax will be different from the examples you see here. For now, we will hardcode certain things. But after we create a database, we will come back and eliminate all hardcodings. Here is what we added to our .bash_profile for the install:

      umask 022
      #
      # Substitute your Oracle software mount point in the line below.
      export ORACLE_BASE=/u01/app/oracle
      #
      # Ensure that ORACLE_HOME and TNS_ADMIN are not set.
      unset ORACLE_HOME
      unset TNS_ADMIN
      #
      # If your /tmp directory has less than 400 Mb free, then edit
      # and uncomment the following three lines.
      # TMP=/mount_point_with_400_mb_free
      # TMPDIR=/same_mount_point
      # export TMP TMPDIR
      #
      # The documentation does not mention how PATH should be set.
      # The following PATH setting worked for us:
      export PATH=/usr/local/bin:/bin:/usr/bin:/usr/X11R6/bin

Log out and log back in as the oracle user from an X window so that the environment is set correctly. If you will be performing the installation from a PC or other workstation instead of using the database server’s console directly, you may wish to forward X window traffic over an SSH connection. This offers increased security (in the case of a public network) and convenience. If you will be performing the installation from a Windows PC, you can use PuTTY to forward your X window traffic by selecting the “Enable X11 forwarding” checkbox in PuTTY’s SSH Tunnels configuration screen. As an alternative to X, you may wish instead to start a VNC server on your database server by running the following command as the oracle user:
```
      $ /usr/bin/vncserver
```
With a VNC server running in this way, you can achieve an X environment by running a VNC viewer on your desktop workstation. You can shut down the VNC server by running the following command:
```
      $ /usr/bin/vncserver -kill :1
```
Make sure your DISPLAY variable is set. If you are forwarding X window traffic over an SSH connection, using VNC, or working from the server’s console directly, the DISPLAY variable should already be set for you. If your DISPLAY variable has not been set already, then you will need to set it manually to the IP address of your X server plus the X server and screen numbers. You can set your DISPLAY variable with a command like:
```
      $ export DISPLAY=myworkstation:0.0
```
If you had to set your DISPLAY variable manually in the previous step, then ensure that the X server on your workstation will allow your database server to open windows on your display. The easiest way to do this is to issue an xhost command from a session on your workstation. (Don’t get confused and issue the command in a window that is logged onto your database server.) You can issue a command like:
```
      $ xhost +mydatabaseserver
```
Ensure that the mount point you plan to use for the Oracle software has sufficient free space. For a basic Enterprise Edition and patch set installation, allow 1.6 Gb for the software mount point as a bare minimum. You will need more space if you plan to install non-default options or components from the Oracle Database 10g Companion CD (or the Companion area of the DVD).
Double check that you are logged in as oracle and not root, and that the environment variables have been set by the login script you prepared earlier. Then change to your home directory and start the Oracle Universal Installer with a command like one of the following:
```
      $ <full path to DVD>/database/runInstaller
```
or
```
      $ <full path to CD>/runInstaller
```
We’ll walk through the installer prompts one at a time:
1. The Select Installation Method window appears. Choose Advanced Installation and then click Next.
2. If the Specify Inventory Directory and Credentials window appears, verify that the inventory directory is set to the oraInventory subdirectory of the directory referenced by the ORACLE_BASE environment variable you set in the login script. In the Operating System Group Name field, select the oinstall group. Click Next. You won't see this window if you have previously installed Oracle software on this database server.
3. The Select Installation Type window appears. We will perform a “typical” install to get a basic set of Oracle software installed. You can rerun the installer again later and choose Custom to install additional products individually. For now, choose Standard Edition or Enterprise Edition. The Enterprise Edition of Oracle Database 10g has some very sophisticated features missing from Standard Edition, and the opportunity to purchase additional options that might be valuable to a large enterprise. However, the Enterprise Edition is much more expensive than Standard Edition. It is very important that you choose the edition that matches your license, as this will be difficult to fix later. Click Next.
4. The Specify Home Details window appears. Oracle provides a suggested Name and Path for the Oracle home (software installation) that is about to be created. You can name this Oracle home anything you like. Beginning in Oracle Database 10g the standard for Oracle home location has changed to /<mount-point>/app/oracle/product/10.2.0/db_<N>. The new component at the end, such as db_1 or db_2, allows you to install multiple copies of the same Oracle version on one server in a standardized way. Note that we will refer back to this path frequently, calling it the Oracle home or simply $ORACLE_HOME. If you are planning to go with the path suggestion provided by Oracle, make sure there isn’t an extra occurrence of the “oracle” component in the path. When you are satisfied with the name and path for your Oracle home, click Next.
5. At this point Oracle performs a serries of prerequisite checks. If you performed all of the preparation steps correctly, all checks should be successful and you can simply click the Next button. If there are any problems, you can correct the problem and click Retry, or click checkboxes in order to ignore specific warnings or error messages.
6. If you have any existing Oracle databases on your server that are at a version prior to what you are now installing, the installer will ask if you would like to run the Database Upgrade Assistant at the end of the installation to migrate or upgrade these older databases to the current version. Make your decision and click Next. (We won’t be covering the Database Upgrade Assistant here.)
7. The Select Configuration Options window appears. We could have Oracle create a database at the same time the software is installed, but this would not be a good idea because we would have to immediately patch the database when we install the patch set. We will choose the “Install database Software only” option instead. After we have applied the patch set, we will use the Database Configuration Assistant to create a database. Click Next.
8. The Summary window appears. Review all of the selections you have made to confirm they are correct. Click Install.
9. During the installation an Execute Configuration Scripts window will appear. The installation will be paused at this point, waiting for you to run scripts as root. (The first time you install Oracle software on the database server there will be two scripts to run as root, while additional installations only require one script to be run as root.) You should open another window, log in to the database server as root, review the scripts to be run thoroughly, run the scripts, and click OK in the Execute Configuration Scripts window.
10. The End of Installation window appears. URLs for iSQL*Plus will be displayed. Note these URLs for future reference. Click Exit to exit the installer.
11. You can run the installer again and perform a custom installation to install any individual products that did not get installed as part of the “typical” installation.
12. It is important to note that the default Enterprise Edition install loads certain extra cost options, such as OLAP and table partitioning, onto your database server. If you are not licensed to use these options, then you should deinstall them. To deinstall products, restart the installer and click the Installed Products button on the End of Installation or Select Installation Type window.
Some distributions of Oracle Database 10g release 2 install with file permissions that are excessively strict for most applications. Setting file permissions as restrictively as possible makes the system more secure, but this makes no sense if permissions are so limiting that the system cannot be used properly. A patch is available to loosen the permissions to a level that is still considered secure, yet allows users other than oracle to connect to the database directly without having to use Oracle's network listener. To determine if you need this patch, check the permissions on the $ORACLE_HOME directory (the directory you specified as the path on the Specify Home Details screen of the Oracle software installation). If the permissions are 755, then you do not need the patch. If the permissions are 750, then you will need the patch if you want Linux users logged into the database server to be able to access the database without having to connect through Oracle's network listener. You can download and apply the patch as follows:
1. Set the ORACLE_HOME environment variable to point to your Oracle home with a command like:
```
      $ export ORACLE_HOME=/u01/app/oracle/product/10.2.0/db_1
```
2. Create a subdirectory to hold the patch file as follows:
```
      $ mkdir $ORACLE_HOME/patches
```
3. Download patch 4516865 from Oracle Support’s Metalink (http://metalink.oracle.com) for your correct platform, such as Linux x86, into the patch directory created in the previous step.
4. Unpack the patch file as follows:
```
      $ unzip p4516865_10201_LINUX.zip
```
5. Apply the patch with the following commands:
```
      $ cd 4516865
      $ PATH=$PATH:$ORACLE_HOME/OPatch
      $ opatch apply
      $ cd $ORACLE_HOME/install
      $ chmod u+x changePerm.sh
      $ ./changePerm.sh
```
  When running the changePerm.sh script, you will be asked if you wish to continue. Press “y” and Enter.
6. The libclntsh.so.10.1 library apparently is missing from the list of files to be adjusted by this patch, so adjust its permissions manually as follows:
```
      $ chmod 755 $ORACLE_HOME/lib/libclntsh.so.10.1
```
At this point we are ready to patch the Oracle software installation with the latest maintenance release available. Log onto Oracle Oracle Support’s Metalink (http://metalink.oracle.com) and download the latest patch set for Linux x86 or whichever processor architecture your database server uses. As of this writing, release 10.2.0.2 (patch number 4547817) is the latest for Linux x86.
Use a command like the following to unpack the patch set:
```
      $ unzip p4547817_10202_LINUX.zip
```
Set the ORACLE_HOME environment variable to point to your Oracle home with a command like:
```
      $ export ORACLE_HOME=/u01/app/oracle/product/10.2.0/db_1
```
Double check that you are logged in as oracle and not root, and that your DISPLAY environment variable is still set correctly. Then change to the directory where you unpacked the patch set and start the Oracle Universal Installer with these commands:
```
      $ cd <location of unpacked patch set>/Disk1
      $ ./runInstaller
```
Once again, we’ll walk through the installer prompts one at a time:
1. The Welcome window appears. Click Next.
2. The Specify Home Details window appears. Verify that the Name and Path fields are set to the Oracle home where you just installed Oracle software in the previous steps. Do not go with a different Name or Path, even if the installer has defaulted these fields this way. Click Next.
3. The Summary window appears. Click Install.
4. During the installation an Execute Configuration Scripts window will appear. Once again the installation will be paused at this point, waiting for you to run a root.sh script as root. As before, the script can be found in the Oracle home directory. You should open another window, log in to the database server as root, and review the root.sh script thoroughly before running it. The script will complain about three files already existing in /usr/local/bin. You can accept the default action to not overwrite these files. Click OK in the Execute Configuration Scripts window after running the script.
5. The End of Installation window appears. Click Exit to exit the installer.
In $ORACLE_HOME/bin (the bin directory under your Oracle home) you will find a shell script called oraenv. This script can be called from .bash_profile or .profile to set up a user’s environment automatically whenever they log onto the database server. We will customize the oraenv script because there are a few variables that the script should set but doesn’t. Make a backup copy of the oraenv script and then edit it, adding the following lines to the very end:

      # Begin customizations
      ORACLE_BASE=`dirname $ORACLE_HOME`
      ORACLE_BASE=`dirname $ORACLE_BASE`
      case "$ORACLE_BASE" in
        */product) ORACLE_BASE=`dirname $ORACLE_BASE` ;;
        *)         ;;
      esac
      DBA=$ORACLE_BASE/admin
      # Substitute the locale and character set you plan to use for your
      # database in the line below. Some common choices are:
      #   NLS_LANG=american_america.WE8ISO8859P1 (Linux and Unix default)
      #   NLS_LANG=american_america.AL32UTF8     (Unicode 3.1)
      #   NLS_LANG=american_america.UTF8         (Unicode 3.0)
      #   NLS_LANG=american_america.WE8MSWIN1252 (Windows)
      NLS_LANG=american_america.WE8ISO8859P1
      export ORACLE_BASE DBA NLS_LANG
      # End customizations

In the same directory you’ll also find a shell script called coraenv that can be called from .cshrc. If you use C shell, you will want to back up and edit coraenv with similar changes to the oraenv script.
The root.sh script copied oraenv and coraenv from $ORACLE_HOME/bin to the /usr/local/bin directory. You just updated these scripts in $ORACLE_HOME/bin. Copy the updated versions to the /usr/local/bin directory.

Create a Database

These steps create an Oracle database. Everybody will have different needs for their database, but the steps here will yield a functional database that you can further tailor to your specific needs. In this section we will use the Database Configuration Assistant to create a database, adjust the database in order to better comply with industry-proven best practices, and configure Oracle Net. All of the steps in this section are run as the oracle user.

Set up your environment the same way you did when you ran the Oracle Universal Installer: Log in as the oracle user on the database server from an X window or VNC session, set your DISPLAY variable appropriately, and make sure that your ORACLE_BASE variable is set correctly based on your login file.
Set the ORACLE_HOME environment variable to point to your Oracle home with a command like:
```
      $ export ORACLE_HOME=/u01/app/oracle/product/10.2.0/db_1
```
Choose a name for your Oracle instance, up to eight characters long. The instance name is easy to change at any time. However, you will want to keep the instance name the same as the database name in order to avoid confusion. Changing the database name later is possible, but not the easiest thing to do. So pick a name for the instance that you like. Set the ORACLE_SID variable accordingly with a command like:
```
      $ export ORACLE_SID=dev10ee
```
Launch the Database Configuration Assistant with the following commands:
```
      $ cd $ORACLE_HOME/bin
      $ ./dbca
```
We’ll walk through the prompts one at a time:
1. The Welcome window appears. Click Next.
2. The Operations window appears. Choose “Create a Database” and click Next.
3. The Database Templates window appears. Here you choose a template (a set of default specifications) for the database you wish to create. Oracle provides templates called “Data Warehouse,” “General Purpose,” and “Transaction Processing.” Oracle has pre-built data files available for these three templates, meaning that database creation will go faster than if Oracle has to build the database from scratch. You can also choose Custom and create your own template. We will choose General Purpose here. Click Next.
4. The Database Identification window appears. Here you specify the global name and the instance name (SID) for the database. It would be nice if these fields defaulted from the ORACLE_SID environment variable, but this may or may not happen. In the Global Database Name field, enter the database name you selected, followed by a period and your domain name. For example, “dev10ee.dbspecialists.com”. The SID field will fill in automatically from the global name. Click Next.
5. The Management Options window appears. Here you indicate whether or not you wish to have the Enterprise Manager tool configured. Grid Control is Oracle’s enterprise-wide database management tool. This option will be grayed out if Grid Control infrastructure has not already been established. Database Control is a stand-alone management tool specifically configured to manage one database. If Grid Control is not present, the defaults in this window will specify to configure Database Control for this database. This will enable you to perform many database management functions for this database from a web browser. You may optionally configure Database Control to send you alerts via email and to back up the database daily. It does not hurt to choose Database Control configuration at this time—you can always shut it down later. We will not be covering the database backup feature here. Click Next.
6. The Database Credentials window appears. Every Oracle 10g database has accounts called SYS, SYSTEM, DBSNMP, and SYSMAN. You must provide passwords for each of these accounts, although you can choose to give all four the same password. It is easy to change passwords later, and members of the dba Linux group can access the database without a password and change passwords for any database account. Enter the initial passwords for these accounts and click Next.
7. The Storage Options window appears. The files that make up an Oracle database can be stored on a regular file system, raw devices, or disks managed automatically by Oracle’s Automatic Storage Management facility. We will not be covering raw devices or ASM here, so select File System and click Next.
8. The Database File Locations window appears. Here you specify where on the file system the files that make up the database should initially reside. It will be easy to change file locations later, and database files can be spread over multiple directories. The default option on this window is to use the file location specified in the template. This is not a good idea as the location specified by the templates goes against standard conventions. Instead you should select “Use Common Location for All Database Files” and enter a mount point name followed by the oradata subdirectory, such as “/u01/oradata”. The location you enter here should match one of the directories you created in step 12 of the first section above. Click Next.
9. The Recovery Configuration window appears. A solid backup and recovery plan is absolutely necessary for any database that will hold data of any importance. However, there are many options available and needs vary greatly from one situation to the next. The flash recovery area is used by the “Flashback database” feature and also by Enterprise Manager if you chose to configure automatic database backups. Archiving, meanwhile, is necessary for databases that will be backed up while they are open. Archiving can be enabled easily at a later time. Since we are not covering backup and recovery strategies here, we will uncheck both options and click Next.
10. The Database Content window appears. This window contains multiple tabs where you may choose what data will be preloaded in the new database. Your options here will vary depending on which Oracle software options you installed and which database creation template you chose. Typically there will be no need for you to specify any custom scripts, and preloading the sample schemas can be helpful in a development database for seeing examples of various techniques. Make your selections and click Next.
11. The Initialization Parameters window appears. Tabs in this window let you set various initialization parameters, and a button lets you view and edit all parameters in a tabular form. Click on the Character Sets tab and select the character set for the database that matches the character set name you put into the oraenv script in an earlier step. It is hard to change the character set of a database, so make sure you are happy with your selection before proceeding. Initialization parameters, on the other hand, are easily changed later. In this window, therefore, you should make sure the character set is correct but not worry too much about the other settings. (Setting the character sets is very different from setting initialization parameters, so the fact that the Character Sets tab appears on a window entitled Initialization Parameters may be confusing.) Click Next.
12. The Database Storage window appears. Here you can review and edit the details of how the control files, online redo logs, data files, and tablespaces will be created. If you are using one of the templates that was provided, you will not be able to change very many settings. If you want to change the locations of some of the database files, you can do that here or after the database has been created. The default redo log size (10 Mb) is somewhat small, so you might want to change it. Again, you can do that here or after the database has been created. When you are satisfied with the settings, click Next.
13. The Creation Options window appears. You may choose to create the database now, generate scripts to create the database later, and/or save the settings as a template. Saving as a template allows you to create the database at a later time or create many similar databases more easily. Make your selection and click Finish.
14. A Confirmation window appears. Review all of your selections and click OK.
15. A progress window appears and database creation proceeds.
16. When database creation is complete, a window will appear which indicates the name of the database, the location of the parameter file, and the URL for accessing Enterprise Manager. Note this URL for future reference. Depending on what options you selected, additional accounts may have been created on the database besides the basic SYS, SYSTEM, DBSNMP, and SYSMAN. All additional accounts are now locked. You may click the Password Management button to unlock these accounts and set passwords if you wish, but you should only unlock an account if you have a specific reason for doing so. When you are finished, click the Exit button to exit the Database Creation Assistant.
While logged onto the database server as the oracle user, run the following commands to set environment variables so that you will be able to access the database easily (substitute your Oracle instance name):
```
      $ export ORACLE_SID=dev10ee
      $ export ORAENV_ASK=NO
      $ . /usr/local/bin/oraenv
```

If you would like to move any of the data files or online redo logs for this database to another directory, use commands like the following:

      $ sqlplus /nolog
      SQL> CONNECT / AS SYSDBA
      SQL> SHUTDOWN IMMEDIATE
      SQL> STARTUP MOUNT
      SQL> HOST mv -i /u01/oradata/dev10ee/users01.dbf /u02/oradata/dev10ee/users01.dbf
      SQL> ALTER DATABASE RENAME FILE
        2  '/u01/oradata/dev10ee/users01.dbf' TO
        3  '/u02/oradata/dev10ee/users01.dbf';
      SQL> HOST mv -i /u01/oradata/dev10ee/redo01.log /u02/oradata/dev10ee/redo01.log
      SQL> ALTER DATABASE RENAME FILE
        2  '/u01/oradata/dev10ee/redo01.log' TO
        3  '/u02/oradata/dev10ee/redo01.log';
      SQL> ALTER DATABASE OPEN;
      SQL> EXIT

Note that this procedure does not work for control files. Relocating database control files will be covered in a later step.

In databases created with supplied templates, all data files have the “auto-extend” feature turned on. This means that when a data file becomes full, it will automatically grow larger as needed. The problem with this is that an application can get out of control and fill up an entire disk partition. It also means that you need to manage your free space at the operating system level. Many DBAs prefer to manage free space at the database level by pre-allocating space to data files and not using the auto-extend feature. You may resize data files and disable auto-extend with commands like:

      $ sqlplus /nolog
      SQL> CONNECT / AS SYSDBA
      SQL> ALTER DATABASE DATAFILE '/u01/oradata/dev10ee/system01.dbf' AUTOEXTEND OFF;
      SQL> ALTER DATABASE DATAFILE '/u01/oradata/dev10ee/sysaux01.dbf' AUTOEXTEND OFF;
      SQL> ALTER DATABASE DATAFILE '/u01/oradata/dev10ee/undotbs01.dbf' AUTOEXTEND OFF;
      SQL> ALTER DATABASE DATAFILE '/u01/oradata/dev10ee/example01.dbf' AUTOEXTEND OFF;
      SQL> ALTER DATABASE DATAFILE '/u01/oradata/dev10ee/users01.dbf' AUTOEXTEND OFF;
      SQL> ALTER DATABASE TEMPFILE '/u01/oradata/dev10ee/temp01.dbf' AUTOEXTEND OFF;
      SQL> ALTER DATABASE DATAFILE '/u01/oradata/dev10ee/system01.dbf' RESIZE 600m;
      SQL> ALTER DATABASE DATAFILE '/u01/oradata/dev10ee/sysaux01.dbf' RESIZE 300m;
      SQL> ALTER DATABASE DATAFILE '/u01/oradata/dev10ee/undotbs01.dbf' RESIZE 50m;
      SQL> ALTER DATABASE TEMPFILE '/u01/oradata/dev10ee/temp01.dbf' RESIZE 50m;

Oracle uses a server parameter file or “spfile” to store the initialization parameters—settings that affect the instance. The default parameter settings provided by the Database Configuration Assistant are not bad, but you may want to make some changes. Unfortunately, you cannot edit the spfile. Instead, you must export the contents of the spfile to a plain text file called a “pfile”. You can then edit the pfile and convert it back to an spfile for use on your database. (This might sound confusing, but is actually pretty straightforward.)
Shut down the database and export the contents of the spfile into a pfile that you can edit with commands like:
```
      $ sqlplus /nolog
      SQL> CONNECT / AS SYSDBA
      SQL> CREATE PFILE='/home/oracle/dev10ee-params.txt'
        2  FROM SPFILE;
      SQL> SHUTDOWN IMMEDIATE
```

Make a backup copy of the pfile you created in the previous step and edit the pfile to change parameters as you wish, based on your needs and your server’s capabilities. You can always change parameters again in the future, so you are not locking yourself into anything right now. Here is the pfile that we ended up with:

      *.audit_file_dest='/u01/app/oracle/admin/dev10ee/adump'
      *.background_dump_dest='/u01/app/oracle/admin/dev10ee/bdump'
      *.compatible='10.2.0.2.0'
      *.control_files='/u01/oradata/dev10ee/control01.ctl','/u01/oradata/
      dev10ee/control02.ctl','/u01/oradata/dev10ee/control03.ctl'
      *.core_dump_dest='/u01/app/oracle/admin/dev10ee/cdump'
      *.db_block_size=8192
      *.db_domain='dbspecialists.com'
      *.db_file_multiblock_read_count=16
      *.db_name='dev10ee'
      *.job_queue_processes=10
      *.open_cursors=300
      *.os_authent_prefix=''
      *.pga_aggregate_target=24m
      *.processes=50
      *.remote_login_passwordfile='EXCLUSIVE'
      *.sga_target=240m
      *.undo_management='AUTO'
      *.undo_tablespace='UNDOTBS1'
      *.user_dump_dest='/u01/app/oracle/admin/dev10ee/udump'

The database is created with three control files. The control file is a pretty small file that contains crucial configuration and synchronization information that Oracle needs in order to locate all the files that make up the database and keep them consistent. All three copies of the control file are kept identical; whatever Oracle writes to one control file it also writes to the other two. (Think of it like software mirroring.) It is a good idea to move at least one of the control files to another location. With the database shut down, you can go ahead and move the control files around as you wish. Be sure to change the control_files entry in your pfile accordingly.
Remove the existing spfile that the Database Configuration Assistant created, and the bogus pfile that it left behind, with the following commands:
```
      $ rm -i $ORACLE_HOME/dbs/spfile$ORACLE_SID.ora
      $ rm -i $ORACLE_BASE/admin/$ORACLE_SID/pfile/init.ora*
```
Create a symbolic link from the location where Oracle looks for the spfile to the location where you will actually maintain the spfile:
```
      $ ln -s $ORACLE_BASE/admin/$ORACLE_SID/pfile/spfile$ORACLE_SID.ora \
              $ORACLE_HOME/dbs/spfile$ORACLE_SID.ora
```

Now convert the pfile that you edited back into an spfile that Oracle can use with the following commands:

      $ sqlplus /nolog
      SQL> CONNECT / AS SYSDBA
      SQL> CREATE SPFILE='$ORACLE_BASE/admin/$ORACLE_SID/pfile/spfile$ORACLE_SID.ora'
        2  FROM PFILE='/home/oracle/dev10ee-params.txt';

You are now ready to restart your database using your newly created spfile. Use the following commands to start the database and view the parameters that are in effect. These settings should match what you put in your pfile a few steps back:
```
      $ sqlplus /nolog
      SQL> CONNECT / AS SYSDBA
      SQL> STARTUP
      SQL> SET PAGESIZE 100
      SQL> SELECT   name, value, isdefault
        2  FROM     v$parameter
        3  ORDER BY isdefault, name;
```
You can follow the above few steps at any time to make further changes to the parameters. However, if you only have a few changes to make, there is a much easier way than exporting the spfile into a pfile, editing the pfile, and converting back to an spfile. You can simply:
```
      $ sqlplus /nolog
      SQL> CONNECT / AS SYSDBA
      SQL> ALTER SYSTEM SET parameter = value
        2  SCOPE = SPFILE;
```
This will update the setting in your spfile, and the change will take effect the next time you restart the instance. Many parameters are dynamic, meaning that you can change them on the fly without restarting the instance. For dynamic parameters, you can omit the SCOPE = line above and Oracle will change the parameter setting immediately and in the spfile.
Oracle Net is the networking infrastructure that allows applications running on other servers to access the database. The Oracle Net listener is a process that runs on the database server and monitors a TCP port for requests to access the database. The Oracle Net listener is configured by creating a file called listener.ora in the $ORACLE_HOME/network/admin directory. In the $ORACLE_HOME/network/admin/samples directory you will find an example listener.ora file. Unfortunately, many Oracle security exploits involve the Oracle Net listener, and therefore it is important that you configure it properly and securely. A functional listener.ora file that uses operating system authentication for securing the Oracle Net listener is as follows:
```
      #
      # Filename: listener.ora
      # 
      LISTENER =
        (DESCRIPTION_LIST =
          (DESCRIPTION =
            (ADDRESS_LIST =
              (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.1.16)(PORT = 1521))
            )
          )
        )
      SID_LIST_LISTENER =
        (SID_LIST =
          (SID_DESC =
            (GLOBAL_DBNAME = dev10ee.dbspecialists.com)
            (ORACLE_HOME = /u01/app/oracle/product/10.2.0/db_1)
            (SID_NAME = dev10ee)
          )
        )
```
The permissions on the listener.ora file should be 640.
Start the Oracle Net listener with the following command:
```
      $ lsnrctl start
```
The Oracle client libraries invoked by an application wishing to access the database read configuration files called sqlnet.ora and tnsnames.ora in order to figure out how to find the Oracle Net listener and what connection parameters should be used. In the same directory where the sample listener.ora file is located, you will also find a sample sqlnet.ora and tnsnames.ora. You should create a sqlnet.ora file and a tnsnames.ora file in the same directory where you created your listener.ora file. Set the file permissions to 644. Copy these two files to all application servers or other machines that will access the database. Functional sqlnet.ora and tnsnames.ora files are as follows:
```
      #
      # Filename: sqlnet.ora
      #
      NAMES.DEFAULT_DOMAIN = dbspecialists.com
      NAMES.DIRECTORY_PATH= (TNSNAMES)

      #
      # Filename: tnsnames.ora 
      #  
      DEV10EE.DBSPECIALISTS.COM =
        (DESCRIPTION =
          (ADDRESS_LIST =
            (ADDRESS = (PROTOCOL = TCP)(HOST = 192.168.1.16)(PORT = 1521))
          )
          (CONNECT_DATA =
            (SERVICE_NAME = dev10ee.dbspecialists.com)
          )
        )
```
You can verify that Oracle Net is configured correctly by attempting to access the database from an application server or other remote server, or by using commands like the following on the database server directly:
```
      $ sqlplus /nolog
      SQL> CONNECT system@dev10ee
      Enter password: <Enter SYSTEM password>
```
At this point you are ready to create tablespaces—logical groupings of data files—to hold your application data. You can put all of your data into one tablespace, or you can separate data into multiple tablespaces based on object type, object size, permanence, volatility, I/O volume, or any of a number of other criteria. In the past, choosing storage parameters and allocation schemes for database objects was rather tedious. Now it is quite simple because you can have Oracle do the space allocation and management automatically and it will do a pretty good job. Here is a sample tablespace creation statement for an application called “Flex”:
```
      CREATE TABLESPACE flex_data
      DATAFILE '/u02/oradata/dev10ee/flex_data01.dbf' SIZE 500m
      SEGMENT SPACE MANAGEMENT AUTO;
```
Create application roles if desired. Alternatively, you can use the default roles CONNECT, RESOURCE, and DBA.
Create your application accounts that will own the application schemas. Set the default tablespace to one of your application tablespaces designated to hold tables. Assign quotas on all of the application tablespaces where the account will need to be able to create schema objects. (You can use the keyword UNLIMITED.) You should not set any quota on the SYSTEM, SYSAUX, or TEMP tablespaces. Do not plan to create any application objects in the SYS or SYSTEM schemas, or store any application objects in the SYSTEM, SYSAUX, or TEMP tablespaces. Here is a sample application account creation statement:
```
      CREATE USER bob IDENTIFIED BY bob123
      DEFAULT TABLESPACE flex_data 
      QUOTA UNLIMITED ON flex_data;
```
Grant roles and/or system privileges to the application accounts. Note that if you grant the RESOURCE role to an account, that account will also receive the UNLIMITED TABLESPACE system privilege. This will let the account create objects in any tablespace, regardless of quotas. Think very carefully before granting the DBA role or allowing any accounts th have the UNLIMITED TABLESPACE privilege. Sample statements to grant and revoke privileges are as follows:
```
      GRANT connect, resource TO bob;
      REVOKE unlimited tablespace FROM bob;
```
Review the overall security of your database. Oracle Corporation has published a very detailed 25 page listing of recommended security checks. Download it from Oracle Technology Network at http://www.oracle.com/technology/deploy/security/pdf/twp_security_checklist_db_database.pdf. Another checklist, although not all of the recommendations seem appropriate, is available at http://www.sans.org/score/checklists/Oracle_Database_Checklist.pdf.

Complete the Server Configuration

These steps complete the configuration of your server for smooth Oracle operation. In this section we will change the oracle user’s login script to eliminate hardcoding, create individual operating system accounts for each database user, and configure the server to start the database and listeners automatically whenever the server is rebooted.

Edit the login file (.bash_profile or .profile) for the oracle user to eliminate hardcodings and call the oraenv script to set the environment instead. The following will work with Bash, Bourne, or Korn shell:
```
      # Settings for Oracle environment
      ORACLE_SID=dev10ee   # Put your instance name here
      ORAENV_ASK=NO
      export ORACLE_SID ORAENV_ASK
      . oraenv
```
Note that this script assumes that the /usr/local/bin directory is on your path. Also, if you use C shell then you should edit .cshrc and have it source coraenv.
Create separate Linux accounts for DBAs and database users who will log onto the database server directly. You should only log in as oracle when installing or patching software. The Linux accounts for DBAs should be members of the dba group, and other users should not be members of the dba group. Give each of these accounts a login file like oracle’s so that their environment initializes correctly when they log in.
Edit the /etc/oratab file to verify that the entry for your database is correct. Lines starting with a pound sign are considered comments and are ignored. Each non-comment line contains the name of one Oracle instance, its Oracle home, and a Y or N. A Y indicates that the database should be started automatically on server reboot, and an N indicates that it should not. The three fields should be separated by colons. A sample /etc/oratab file looks like this:
```
      #
      # /etc/oratab
      # ===========
      #
      dev10ee:/u01/app/oracle/product/10.2.0/db_1:Y
```

To make the database and listeners start up automatically when the server reboots and shut down automatically when the server shuts down, you’ll need to create a dbora file in /etc/init.d and either user the chkconfig command or manually link dbora to /etc/rc3.d and /etc/rc0.d. You’ll need to do this as the root user. First create a file called dbora in /etc/init.d as follows:

      #
      # chkconfig: 35 99 10
      # description: Start and stop the Oracle database, listener, EM, and iSQLPlus
      #
      ORA_HOME=/u01/app/oracle/product/10.2.0/db_1
      ORA_OWNER=oracle
      if [ ! -f $ORA_HOME/bin/dbstart ]
      then
        echo "Oracle startup: cannot start"
        exit
      fi
      case "$1" in
         'start') # Start the Oracle databases and listeners
                  su - $ORA_OWNER -c "$ORA_HOME/bin/dbstart $ORA_HOME"
                  su - $ORA_OWNER -c "$ORA_HOME/bin/emctl start dbconsole"
                  su - $ORA_OWNER -c "$ORA_HOME/bin/isqlplusctl start"
                  touch /var/lock/subsys/dbora
                  ;;
         'stop')  # Stop the Oracle databases and listeners
                  su - $ORA_OWNER -c "$ORA_HOME/bin/isqlplusctl stop"
                  su - $ORA_OWNER -c "$ORA_HOME/bin/emctl stop dbconsole"
                  su - $ORA_OWNER -c "$ORA_HOME/bin/dbshut $ORA_HOME"
                  rm -f /var/lock/subsys/dbora
                  ;;
      esac

Set the permissions on the dbora file to 700:

      $ chmod 700 /etc/init.d/dbora

After creating the dbora file, you need to link it to /etc/rc3.d and /etc/rc0.d for startup and shutdown. You may do this manually as follows:

      $ ln -s /etc/init.d/dbora /etc/rc3.d/S99dbora
      $ ln -s /etc/init.d/dbora /etc/rc5.d/S99dbora
      $ ln -s /etc/init.d/dbora /etc/rc0.d/K10dbora
      $ ln -s /etc/init.d/dbora /etc/rc1.d/K10dbora
      $ ln -s /etc/init.d/dbora /etc/rc2.d/K10dbora
      $ ln -s /etc/init.d/dbora /etc/rc4.d/K10dbora
      $ ln -s /etc/init.d/dbora /etc/rc6.d/K10dbora

Alternatively, you may use the chkconfig command to create the links as follows:

      $ cd /etc/init.d
      $ /sbin/chkconfig --add dbora

Conclusion

This paper walks you through the intricate details of getting Oracle Database 10g release 2 up and running on a database server running Linux. It may look complicated, but that’s only because this paper goes down to a nitty-gritty level of detail.

Please keep in mind, though, that the requirements are different for every Oracle implementation. We are extremely confident that if you follow these steps to install Oracle Database 10g release 2 (Oracle version 10.2.0) on a server with Red Hat Enterprise Linux and an x86 hardware platform, the process will go very smoothly for you. Things should go nearly as smoothly if you use another Linux distribution certified by Oracle or another hardware platform such as x86-64. However, no single document can address every specific hardware configuration and every set of business needs. Please use this paper as a starting point to get Oracle up and running in your shop. To get the best performance and scalability, each system needs to be considered individually.

About the Author

Roger Schrag has been an Oracle DBA and application architect for over fifteen years. He started out at Oracle Corporation on the Oracle Financials development team and moved into the roles of production DBA and database architect at various companies in the San Francisco Bay Area. Roger is a frequent speaker at Oracle Open World and the IOUG Live! conferences. He is also Director of Conference Programming for the Northern California Oracle Users Group. In 1995, Roger founded Database Specialists, Inc. which provides remote DBA services and onsite database support for mission critical Oracle systems.

Still Looking for Help on this Subject?
Get a Consultation
We would be happy to talk with you about our services and how our senior-level database team might help you. Call Database Specialists at 415-344-0500 or 888-648-0500 or fill out a free consultation request form.
Complimentary Newsletter
If you'd like to receive our complimentary monthly newsletter with database tips and new white paper announcements, sign up for The Specialist.