IBM Books

Installation and Configuration Supplement

Step 3. Create or Assign Groups and User IDs



Figure car not displayed.
If you want to use an existing user or group ID, you do not need to create new ones at this time. Instead, you can proceed to the next step.


Figure hint not displayed.

If you are using Network Information Services (NIS), NIS+, or any other tools to manage system configuration files, you must perform this step on the master server. After you have completed the following, ensure that the changes have taken effect on all DB2 servers.

You must perform the following as a user with root authority.

  1. Create a group that will be the primary group of the username for the instance owner. Any user that belongs to the SYSADM group will have system administrator authority for a given instance.

    Next, create a username that will be the instance owner. This username will be the name of the instance. Make this user's primary group the SYSADM group you created. In our examples, the instance username is db2inst1 and the SYSADM group is dbadmin1.

    Figure hint not displayed.
    		Dedicate the instance owner user ID to that instance's use only. This allows for easier error recovery if a system error occurs.

  2. Use admintool or groupadd to create groups, and admintool or useradd to create users. For example: 
       groupadd -g 999 dbadmin1
   useradd -g dbadmin1 -u 1004 -d /export/home/db2inst1 -m db2inst1
   passwd db2inst1

  3. Similarly, create a group and user for fenced user defined functions and stored procedures.

    For example: 

       groupadd -g 991 db2fadm1
   useradd -g db2fadm1 -u 1001 -d /export/home/db2fenc1 -m db2fenc1
   passwd db2fenc1

    Fenced user defined functions (UDFs) and stored procedures will execute under this user and group. The group must be the primary group of the user. The user for fenced UDFs and stored procedures is specified as a parameter of the instance creation script. The group for fenced UDFs and stored procedures is implicitly set to the primary group of this specified user (db2fenc1).

For security reasons, we recommend that you do not use the instance name as the FencedID. However, if you are not planning to use fenced user defined functions or stored procedures, you can set the FencedID to the instance name instead of creating another user for the FencedID.

Notes:

  1. You have to repeat Steps 1 and 2 above to create a user name and group name for the Administration Server. You must use different user IDs for the Administration Server and a DB2 instance (for example, db2as and db2inst1). For security reasons, you should not use the primary group of a DB2 instance as the primary group for the user ID for the Administration Server. It is recommended that you create a different group ID (for example, db2asgrp).

  2. In addition to the rules imposed by the operating system for login names and groups, you must also adhere to the rules described in Appendix G. Naming Rules.

[ Top of Page | Previous Page | Next Page | Table of Contents | Index ]

[ DB2 List of Books | Search the DB2 Books ]