shiva359@gmail.com wrote:

> could someone throw *some light *on * why * do * default
> software *when installed * *( as root * for *creating an instance
> leaves *us with *some *world * *accessable directories & *some *world
> executable * files *& *some *world *readable *files * .

It's largely because, well, DB2 needs to be world readable and world
executable.

Anyone on the system should be able to run DB2. Not just members of
the "bin" group (of which there should be only two: root and bin).

DB2 can't install using db2grp1 as its group because, well, you don't need
to use db2grp1 as your sysadm group. (Especially since it is "db2iadm1" by
default for the first instance.)

Your Unix Audit Team should likely contact IBM for a detailed explanation,
but I'm pretty sure IBM has already vetted these permissions fairly
thoroughly.