Would anybody know the minimum permissions for the system
administrator account on AIX for DB2 UDB? TIA.

mcgillivrayk@prodigy.net (Keith) writes:

> Would anybody know the minimum permissions for the system
> administrator account on AIX for DB2 UDB? TIA.

When you install DB2 on AIX, (essentially) all the "goodies" get
installed in /usr/lpp/db2 ( blah blah blah ).

When you create an instance on *nix, you either provide an existing
user id (and group) , or have the install create them for you.

An instance (there can be more than one ) is 'created' in the instance
owner's home directory. This involves copying the necessary stuff from
/usr/lpp/db2... to ~/sqllib , and creating symbolic links for the
rest, and possibly some other magic that we don't really care about
right now.

Therefore the instance owner's userid has (almost) all the
permissions it needs to manage the databases and db objects created
therein. By default, databases are created in a sub-directory of the
instance id's home directory. If you ask DB2 to create them elsewhere,
say in /tmp, you'll have to use the root id to give the db2 instance
owner the appropiate file system permissions ... probably chmod 755
.... but check and make sure.

So, the instance creation sets the appropiate (and _minimum_ )
permissions automagically ... if you "dork around" with these
permissions, you're almost guaranteed to break something :-)

HTH.

--
#include <disclaimer.std> /* I don't speak for IBM ... */
/* Heck, I don't even speak for myself */
/* Don't believe me ? Ask my wife :-) */
Richard D. Latham lathamr@us.ibm.com

lathamr@us.ibm.com (Richard D. Latham) wrote in message news:<7jt47vf7.fsf@us.ibm.com>...
> mcgillivrayk@prodigy.net (Keith) writes:
>
> > Would anybody know the minimum permissions for the system
> > administrator account on AIX for DB2 UDB? TIA.
>
> When you install DB2 on AIX, (essentially) all the "goodies" get
> installed in /usr/lpp/db2 ( blah blah blah ).
>
> When you create an instance on *nix, you either provide an existing
> user id (and group) , or have the install create them for you.
>
> An instance (there can be more than one ) is 'created' in the instance
> owner's home directory. This involves copying the necessary stuff from
> /usr/lpp/db2... to ~/sqllib , and creating symbolic links for the
> rest, and possibly some other magic that we don't really care about
> right now.
>
> Therefore the instance owner's userid has (almost) all the
> permissions it needs to manage the databases and db objects created
> therein. By default, databases are created in a sub-directory of the
> instance id's home directory. If you ask DB2 to create them elsewhere,
> say in /tmp, you'll have to use the root id to give the db2 instance
> owner the appropiate file system permissions ... probably chmod 755
> ... but check and make sure.
>
> So, the instance creation sets the appropiate (and _minimum_ )
> permissions automagically ... if you "dork around" with these
> permissions, you're almost guaranteed to break something :-)
>
> HTH.


Curious about the 755: can it be 750 or is 755 the way it has to be?

mcgillivrayk@prodigy.net (Keith) writes:

> lathamr@us.ibm.com (Richard D. Latham) wrote

< snip >

>>
>> Therefore the instance owner's userid has (almost) all the
>> permissions it needs to manage the databases and db objects created
>> therein. By default, databases are created in a sub-directory of the
>> instance id's home directory. If you ask DB2 to create them elsewhere,
>> say in /tmp, you'll have to use the root id to give the db2 instance
>> owner the appropiate file system permissions ... probably chmod 755
>> ... but check and make sure.
>>
>> So, the instance creation sets the appropiate (and _minimum_ )
>> permissions automagically ... if you "dork around" with these
>> permissions, you're almost guaranteed to break something :-)
>>
>> HTH.
>
>
> Curious about the 755: can it be 750 or is 755 the way it has to be?

Well, neither is right, actually :-) Comsult a real instance
sub-directory with "ls -lR" for the gory details.

Let me reiterate what I said above ... "If you dork around with this,
you're gonna break things".

--
#include <disclaimer.std> /* I don't speak for IBM ... */
/* Heck, I don't even speak for myself */
/* Don't believe me ? Ask my wife :-) */
Richard D. Latham lathamr@us.ibm.com