Administrative Privileges
  The following are the operations that are authorized by the SYSDBA and SYSOPER system privileges:
System Privilege        Operations Authorized
SYSDBA                    Perform STARTUP and SHUTDOWN operations
                          ALTER DATABASE: open, mount, back up, or change character set
                          CREATE DATABASE
                          CREATE SPFILE
                          ARCHIVELOG and RECOVERY
                          Includes the RESTRICTED SESSION privilege
                       Effectively, this system privilege allows a user to connect as user SYS.
 
SYSOPER                   Perform STARTUP and SHUTDOWN operations
                          CREATE SPFILE
                          ALTER DATABASE OPEN/MOUNT/BACKUP
                          ARCHIVELOG and RECOVERY
                          Includes the RESTRICTED SESSION privilege
                       This privilege allows a user to perform basic operational tasks, but without the ability to look at user data.
 
  When you connect with SYSDBA or SYSOPER privileges, you connect with a default schema, not with the schema that is generally associated with your username. For SYSDBA this schema is SYS; for SYSOPER the schema is PUBLIC.

Using ORAPWD
orapwd
Usage: orapwd file=<fname> password=<password> entries=<users>
where
file - name of password file (mand),
password - password for SYS (mand),
entries - maximum number of distinct DBAs and OPERs (opt),
There are no spaces around the equal-to (=) character.

ENTRIES
  This parameter specifies the number of entries that you require the password file to accept. This number corresponds to the number of distinct users allowed to connect to the database as SYSDBA or SYSOPER. The actual number of allowable entries can be higher than the number of users because the ORAPWD utility continues to assign password entries until an operating system block is filled. For example, if your operating system block size is 512 bytes, it holds four password entries. The number of password entries allocated is always multiple of four.

Removing a Password File
Caution:
  Do not remove or modify the password file if you have a database or instance mounted using REMOTE_LOGIN_PASSWORDFILE=EXCLUSIVE (or SHARED). If you do, you will be unable to reconnect remotely using the password file. Even if you replace it, you cannot use the new password file, because the timestamps and checksums will be wrong.

Changing the Password File State
  The password file state is stored in the password file. When you first create a password file, its default state is SHARED. You can change the state of the password file by setting the initialization parameter REMOTE_LOGIN_PASSWORDFILE. When you start up an instance, Oracle retrieves the value of this parameter from the parameter file stored on your client machine. When you mount the database, Oracle compares the value of this parameter to the value stored in the password file. If the values do not match, Oracle overwrites the value stored in the file.