Filter
Top Products
program creates default values for different user IDs and the group. Different
defaults are created, depending on whether you are installing on UNIX
®
or
Windows platforms:
v On UNIX and Linux platforms, if you choose to create a DB2 instance in the
instance setup window, the DB2 database install program creates, by default,
different users for the DAS (dasusr), the instance owner (db2inst), and the
fenced user (db2fenc). Optionally, you can specify different user names
The DB2 database install program appends a number from 1-99 to the default
user name, until a user ID that does not already exist can be created. For
example, if the users db2inst1 and db2inst2 already exist, the DB2 database
install program creates the user db2inst3. If a number greater than 10 is used,
the character portion of the name is truncated in the default user ID. For
example, if the user ID db2fenc9 already exists, the DB2 database install
program truncates the c in the user ID, then appends the 10 (db2fen10).
Truncation does not occur when the numeric value is appended to the default
DAS user (for example, dasusr24).
v On Windows platforms, the DB2 database install program creates, by default, the
user db2admin for the DAS user, the instance owner, and fenced users (you can
specify a different user name during setup, if you want). Unlike UNIX
platforms, no numeric value is appended to the user ID.
To
minimize the risk of a user other than the administrator from learning of the
defaults and using them in an improper fashion within databases and instances,
change the defaults during the install to a new or existing user ID of your choice.
Note: Response file installations do not use default values for user IDs or group
names. These values must be specified in the response file.
Passwords are very important when authenticating users. If no authentication
requirements are set at the operating system level and the database is using the
operating system to authenticate users, users will be allowed to connect. For
example on UNIX operating systems, undefined passwords are treated as NULL.
In this situation, any user without a defined password will be considered to have a
NULL password. From the operating system’s perspective, this is a match and the
user is validated and able to connect to the database. Use passwords at the
operating system level if you want the operating system to do the authentication of
users for your database.
When working with DB2 Data Partitioning Feature (DPF) on UNIX operating
system environments, the DB2 database manager by default uses the rsh utility to
run some commands on remote nodes. The rsh utility transmits passwords in clear
text over the network, which can be a security exposure if the DB2 server is not on
a secure network. You can use the DB2RSHCMD registry variable to set the remote
shell program to a more secure alternative that avoids this exposure. One example
of a more secure alternative is ssh. See the DB2RSHCMD registry variable
documentation for restrictions on remote shell configurations.
After installing the DB2 database manager, also review, and change (if required),
the default privileges that have been granted to users. By default, the installation
process grants system administration (SYSADM) privileges to the following users
on each operating system:
Windows environments A valid DB2 database user name that belongs to
the Administrators group.
Chapter 1. Installation prerequisites 7