关于orapwd命令entries参数的探究
今日早上看Oracle官方文档《Administrator's Guide》时,在密码文件章节,关于orapwd命令entries参数的说明如下:
This argument specifies the number of entries that you require the password file to accept. This number corresponds to the number of distinct users allowed to connect to the database as SYSDBA
or SYSOPER
. The actual number of allowable entries can be higher than the number of users, because theORAPWD
utility continues to assign password entries until an operating system block is filled. For example, if your operating system block size is 512 bytes, it holds four password entries. The number of password entries allocated is always a multiple of four.
大意是,entries参数并不是指多少个用户可被赋予sysdba或sysoper权限。实际数量可能高于entries参数指定的值,这与操作系统的block size有关。
按它的说法,操作系统的block size为512字节,entries指定为1的话,我可以给4个用户赋予sysdba或sysoper权限。
好奇,忍不住研究了一下。
一、查看操作系统的block size,本机为RHEL 6.3
[root@node2 ~]# tune2fs -l /dev/sdb |grep 'Block size' Block size: 4096
block size为4096字节,为512的8倍,按照上面的逻辑,可以给最多32个用户赋予sysdba或sysoper权限。
二、创建密码文件
[oracle@node2 dbs]$ orapwd file=orapworcl password=oracle entries=1 force=y
三、构造用户进行测试
如果能给最多32个用户赋予sysdba或sysoper权限的话,那么创建32个用户并赋予sysdba权限不会有问题,赋予第33个用户sysdba权限的时候会报错,实验一下。
首先创建32个用户并赋予sysdba权限,脚本如下:
declare sqltext1 varchar2(100); sqltext2 varchar2(100); begin for i in 1..32 loop sqltext1 := 'create user test'||i||' identified by test'||i; sqltext2 := 'grant sysdba to test'||i; execute immediate sqltext1; execute immediate sqltext2; end loop; end;
执行结果如下:
declare * ERROR at line 1: ORA-01996: GRANT failed: password file '/u01/app/oracle/product/11.2.0.1/db_1/dbs/orapworcl' is full ORA-06512: at line 10
创建32个用户并赋予sysdba权限竟然没有成功。
四、查看创建成功的用户和被赋予sysdba权限的用户
SQL> select username from dba_users where username like 'TEST%'; USERNAME ------------------------------ TEST4 TEST5 TEST2 TEST1 TEST3 6 rows selected. SQL> select username from v$pwfile_users where username !='SYS' and sysdba='TRUE'; USERNAME ------------------------------ TEST1 TEST2 TEST3 TEST4
发现只成功创建了5个用户且只有4个用户被赋予sysdba权限。
难道官方文档关于entries的说明有误?将operating system block size is 512 bytes作为关键字在百度上搜了下,原来oracle所谓的block size和系统的block size不一致,可根据select distinct lebsz from x$kccle进行查询,lebsz指的是log file的块大小,它也等于操作系统物理扇区大小
Linux: file Block size is selected at the time of high-level formatting。
The log block size is platform. specific, and can be found out using the following query: (size in bytes)
most platforms have log block size of 512, but HPUX has 1k, and tru64 has blocksize of 2k if my memory serves me well.
具体解释可见:http://blog.itpub.net/59069/viewspace-442240/
五、查询Oracle的block size
SQL> select distinct lebsz from x$kccle; LEBSZ ---------- 512
看来,本机的物理扇区大小是512,这也不难解释当entries指定为1的时候,最多只能给4个用户赋予sysdba的权限。
如果是这样的话,那我将entries指定为5,则可以给8个用户赋予sysdba权限,下面来试试。
六、删除上面新建的5个用户
declare sqltext varchar2(100); begin for i in 1..5 loop sqltext := 'drop user test'||i; execute immediate sqltext; end loop; end;
七、重新创建密码文件,将entries指定为5
[oracle@node2 dbs]$ orapwd file=orapworcl password=oracle entries=5 force=y
八、新建8个用户并赋予sysdba权限
declare sqltext1 varchar2(100); sqltext2 varchar2(100); begin for i in 1..8 loop sqltext1 := 'create user test'||i||' identified by test'||i; sqltext2 := 'grant sysdba to test'||i; execute immediate sqltext1; execute immediate sqltext2; end loop; end;
语句执行没有问题
九、新建第9个用户并赋予sysdba权限
SQL> create user test9 identified by test9; User created. SQL> grant sysdba to test9; grant sysdba to test9 * ERROR at line 1: ORA-01996: GRANT failed: password file '/u01/app/oracle/product/11.2.0.1/db_1/dbs/orapworcl' is full
果然出现报错!
由此来看, 官方文档中所说的 “if your operating system block size is 512 bytes, it holds four password entries. The number of password entries allocated is always a multiple of four” 确实没错!