On 2004-04-12, srihari scribbled:
> Hai
> I have installed db2 8.1 on linux machine. The current db2
> users are instance user(db2inst1), fenced user(db2fenc1) and
> db2as(administration server). To start using the database do I have
> to create additional users or use the database as the instance owner
> itself?

I'm not 100% sure about this (most of my DB2 experience is on Windows),
but here goes anyway...

You don't have to create additional users, you should be able to use
DB2 databases as the instance owner. But be aware that the instance
owner will have SYSADM authority (the highest privilege in the DB2
hierarchy of privileges). Hence, like root, it is a user that should be
used sparingly, when necessary.

However, in order to create a database (using the CREATE DATABASE
command), you must be connected to an instance as a user which has
SYSADM (or SYSCTRL) authority - for example, the instance user
(db2inst1).

Note that the creator of a database automatically /and irrevocably/
holds the DBADM authority on that database (which basically permits any
operation against that database).

Also, by default, the CONNECT authority on a database is held by the
PUBLIC group (representing all users). You will probably wish to REVOKE
this and GRANT CONNECT authority to individual users.

> 1) How do I create db2 users and test a connection from a db2 user?

Assuming that authorization is set to "SERVER" (which it is by
default), then DB2 for Linux/UNIX is (I think) similar to DB2 for
Windows in that DB2 users are authenticated by the Operating System -
that is to say, they are ordinary OS users.

Hence, to create a new user ID you simply add a new user to the OS
(using the useradd command line or whatever you'd normally use).
However, users intended for use with DB2 must follow certain naming
rules. To quote the relevant parts from the DB2 Quick Beginnings for
Linux manual (for DB2 UDB v7), Appendix E - Naming Rules:

* Usernames on UNIX can contain 1 to 8 characters
* Group and instance names can contain 1 to 8 characters
* Names cannot be any of the following:
  - USERS
  - ADMINS
  - GUESTS
  - PUBLIC
  - LOCAL
* Names cannot begin with:
  - IBM
  - SQL
  - SYS
* Names cannot include accented characters
* In general, when naming users, groups or instances on UNIX, use
  lowercase characters
> 2) If I have to create a new user, to which group do I have to make
> him belong? I have three groups (db2iadm1 which has db2inst1, db2fadm1
> which has db2fenc1 and db2asgrp which contains db2as)
> Please clarify. thanks.

As stated above, you don't /have/ to create a new user, but it is
advisable to do so. I don't think that you have to assign the new user
to any group in particular. However, you should bear in mind the
following quote from the DB2 Administration Guide: Implementation
manual (for DB2 UDB v7), Chapter 5. - Controlling Database Access,
Selecting User IDs and Groups For Your Installation:

"During the installation process, System Administration (SYSADM)
privileges are granted by default to ... [any] valid DB2 username which
belongs to the primary group of the instance owner's user ID.
SYSADM privileges are the most powerful set of privileges available
within DB2... As a result, you may not want all of these users to have
SYSADM privileges by default. DB2 provides the administrator with the
ability to grant and revoke privileges to groups and individual user
IDs."

Hence, I would /strongly/ recommend that when creating new users you do
not make their primary group db2iadm1! I'd recommend creating a
completely new group to hold "ordinary" DB2 users.

Good luck!

HTH, Dave.
--
Dave
Remove "_nospam" for valid e-mail address
"Never underestimate the bandwidth of a station wagon full of CDs doing
a ton down the highway" -- Anon.
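
The steps from the reply above, put together as an added example (not part of the original post and not DB2's own tooling): a shell check for the quoted naming rules and a dry-run listing of the OS and DB2 commands for one new user. The names appuser, db2users and sample are hypothetical, and rejecting uppercase outright is a stricter policy than the manual's "in general, use lowercase".

```shell
#!/bin/sh
# Added example. appuser, db2users and sample are hypothetical names;
# db2iadm1 is the instance owner's primary group named in the thread.
INSTANCE_GROUP=db2iadm1

# Return 0 if $1 passes the naming rules quoted above, else explain on stderr.
# Assumption: uppercase is rejected outright (stricter than the manual), which
# also makes the reserved-word checks case-insensitive.
db2_name_ok() {
    name=$1
    if [ "${#name}" -lt 1 ] || [ "${#name}" -gt 8 ]; then
        echo "'$name': must be 1 to 8 characters" >&2; return 1
    fi
    case $name in
        *[!abcdefghijklmnopqrstuvwxyz0123456789_]*)
            echo "'$name': unaccented lowercase, digits and _ only" >&2
            return 1 ;;
        users|admins|guests|public|local)
            echo "'$name': reserved name" >&2; return 1 ;;
        ibm*|sql*|sys*)
            echo "'$name': reserved prefix" >&2; return 1 ;;
    esac
    return 0
}

# Print (do not run) the commands for one new low-privilege user.
# groupadd/useradd/passwd are for root, the db2 lines for the instance owner.
db2_user_plan() {
    user=$1; group=$2; db=$3
    db2_name_ok "$user" && db2_name_ok "$group" || return 1
    if [ "$group" = "$INSTANCE_GROUP" ]; then
        echo "'$group': members of this group get SYSADM" >&2; return 1
    fi
    cat <<EOF
groupadd $group
useradd -m -g $group $user
passwd $user
db2 connect to $db
db2 "REVOKE CONNECT ON DATABASE FROM PUBLIC"
db2 "GRANT CONNECT ON DATABASE TO USER $user"
db2 connect reset
db2 connect to $db user $user
EOF
}

db2_user_plan appuser db2users sample
```

The final `db2 connect ... user appuser` line prompts for the new user's password, which tests the connection without logging in as that user.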