Quick Beginnings

Step 2. Creating or Assigning Groups and User IDs

If you want to use an existing user or group ID, you do not need to create new ones at this time. Instead, you can proceed to the next step.

You must perform this step as root.

Create a system administration (SYSADM) group that will be the primary group of the user ID for the instance owner. Any user of the instance owner that belongs to the SYSADM group will have system administrator authority for a given instance.
Next, create a user ID that will be the instance owner. This user ID will be the name of the instance. Make this user's primary group the SYSADM group created above. In our examples, the instance user ID is db2inst1 and the SYSADM group is dbadmin1.

Dedicate the instance owner user ID to that instance's use only. This allows for easier error recovery if a system error occurs.
Use mkgroup to create groups, and mkuser to create users. For example, to create a user ID called db2inst1 which will use dbadmin1 as its primary group and use /home/db2inst1 as its home directory:
```
   mkgroup dbadmin1
   mkuser pgrp=dbadmin1 groups=dbadmin1 home=/home/db2inst1 db2inst1
   passwd db2inst1
```
Create a group and user ID for Fenced User Defined Functions and Stored Procedures.
For example:
```
   mkgroup db2fadm1
   mkuser pgrp=db2fadm1 groups=db2fadm1 home=/home/db2fenc1 db2fenc1
   passwd db2fenc1
```
Fenced User Defined Functions (UDFs) and Stored Procedures will execute under this user and group. The group must be the primary group of the user. The user for Fenced UDFs and Stored Procedures is specified as a parameter of the instance creation script. The group for Fenced UDFs and Stored Procedures is implicitly set to the primary group of this specified user (db2fenc1).

For security reasons, we recommend that you do not use the instance name as the FencedID. However, if you are not planning to use fenced User Defined Functions or Stored Procedures, you can set the FencedID to the instance name instead of creating another user for the FencedID.

Notes:

If you are planning to create the Administration Server, you have to repeat Steps 1 and 2 above to create a user name and group name for the Administration Server. However, for security reasons, we recommend that you do not use the DB2 Instance user name as the user name for the Administration Server.
If existing users and groups have been identified for these purposes, you do not have to create new ones.
In addition to the rules imposed by the operating system for login names and groups, you must also adhere to the rules described in Appendix D. "Naming Rules".

[ Top of Page | Previous Page | Next Page | Table of Contents | Index ]

[ DB2 List of Books | Search the DB2 Books ]