5. Run the db2rfe command located under the $HOME/sqllib/instance directory, using the following syntax:
db2rfe -f config_file
where config_file is the configuration file edited in Step 3.
INSTANCENAME=db2inst1
SET_ULIMIT=NO
ENABLE_HA=YES
RESERVE_REMOTE_CONNECTION=NO
**SVCENAME=db2c_db2inst1
**SVCEPORT=50000
RESERVE_TEXT_SEARCH_CONNECTION=YES
SVCENAME_TEXT_SEARCH=db2j_db2inst1
SVCEPORT_TEXT_SEARCH=55000
3.4 REQUIRED USER IDS AND GROUPS
Figures 3.1 and 3.2 show that you create several user IDs and user groups that DB2 requires during the Windows install or the root installation on Linux and UNIX. This section discusses the basic requirements of those user IDs and groups, which are different for Windows and Linux and UNIX.
3.4.1 User IDs and Groups Required for Windows
In addition to requiring an installation user ID to install the DB2 product on Windows, to operate DB2 you need two other user IDs.
• The Instance owner owns and controls the DB2 instance.
• The DB2 Administration Server (DAS) user runs the DB2 administration server service on your system. The DB2 GUI tools also use this ID to perform administration tasks against the local server database instances and databases.
Table 3.4 describes these user IDs in more detail.
Table 3.4 User IDs and Groups for DB2 on Windows
Authority of the User ID
• Installation User ID: A local or domain user account that is part of the administrator group on the server where you are installing DB2 or a non-administrative ID with elevated rights to installation. The user right “Access this computer from the network” is required. You can also use the built-in Local System account to run the installation for all products except DB2 Enterprise Edition. If you want to have the DB2 Setup Wizard create a domain user account for the Instance owner or the DAS user, the installation ID must have authority to create domain user accounts.
• Instance Owner User ID: A local or domain user account that belongs to the administrator group on the server.
• DAS User ID: A local or domain user account that belongs to the administrator group on the machine. The built-in Local System account can also be used.
When to Create It
• Installation User ID: Before installation.
• Instance Owner User ID: Before installation, or during installation by the DB2 Setup Wizard. Either way, the necessary rights will be granted during the installation process.
• DAS User ID: Same as Instance Owner User ID.
Rights Granted During Installation
• Installation User ID: Act as part of the operating system; Debug programs; Create a token object; Increase quotas; Lock pages in memory; Log on as a service; Replace a process-level token.
• Instance Owner User ID: Act as part of the operating system; Debug programs; Create a token object; Increase quotas; Lock pages in memory; Log on as a service; Replace a process-level token.
• DAS User ID: Same as Instance Owner User ID.
NOTE Starting in DB2 9, the installation user no longer needs to be part of the Administrators group. You can now install DB2 using a non-administrative ID. Just make sure that a Windows Administrator configures the elevated privileges feature in Windows before installing DB2.
3.4.2 IDs and Groups Required for Linux and UNIX
For root installations on Linux and UNIX, you need to sign in as a root user to perform DB2 installation. In addition, you need three users and three groups to operate DB2.
• The DB2 Instance owner is created in the instance user ID home directory. This user ID controls all DB2 processes and owns all file systems and devices used by the databases contained within the instance.
• The Fenced user runs fenced user-defined functions (UDFs) and stored procedures. Fenced UDFs and stored procedures execute outside of the address space used by the DB2 instance and therefore cannot interfere with the execution of the instance. If you do not need this level of security, you can use the instance owner as your fenced user.
• The same as on Windows, the DAS user runs the DB2 Administration Server process on your system. This user ID is also used by the DB2 GUI tools to perform administration tasks against the local server database instances and databases.
• Three separate user groups must also be created for the Instance Owner, the Fenced User, and the DAS user.
Table 3.5 describes these user IDs and groups in more detail.
Table 3.5 User IDs and Groups Required for Installing DB2 on UNIX Platforms
When to Create It
• Instance Owner User ID: If the system is running NIS or similar security software, and you plan to create a DB2 instance during the DB2 installation process, then you must create this ID prior to installing DB2. See Section 3.4.3, Creating User IDs and Groups if NIS Is Installed in Your Environment (Linux and UNIX Only), for more information. Otherwise: during installation when using the DB2 Setup Wizard or Silent install; after installation when using the db2_install script or native OS install tool.
• Fenced User ID: Same as Instance Owner User ID.
• DAS User ID: Same as Instance Owner User ID.
Default User ID Created by DB2 Installer
• Instance Owner User ID: db2inst1. If db2inst1 already exists, the DB2 installer will then search for the user db2inst2. If that user doesn’t exist, it will then create that user. If that user does exist, the DB2 installer will continue its search (db2inst3, db2inst4, and so on) until it finds an available user.
• Fenced User ID: db2fenc1. Uses the same algorithm as Instance Owner User ID.
• DAS User ID: db2as (AIX only); dasusr1 (all other Linux/UNIX platforms). Uses the same algorithm as Instance Owner User ID.
Example Primary Group Name
• Instance Owner User ID: db2iadm1
• Fenced User ID: db2fadm1
• DAS User ID: dasadm1
Example Secondary Group Name
• Instance Owner User ID: dasadm1
• Fenced User ID: Not applicable.
• DAS User ID: db2iadm1
NOTE In the Data Partitioning Feature (DPF) environment, each partition of the database must have the same set of users and groups defined. If the definitions are not the same, a user may not be authorized to perform the required actions on some database partitions. Consistency across all partitions is recommended.
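A drift check for the consistency requirement in the note above, as an added example that is not a DB2 tool or code from the book. The snapshot file naming, the host names part0 and part1, and the sample entries are assumptions, and a "definition" is taken to mean name, numeric IDs and member list.

```shell
#!/bin/sh
# Drift check for DPF hosts (added example). Assumption: each host's
# `getent passwd` / `getent group` output is saved as DIR/HOST.passwd and
# DIR/HOST.group; "same definition" is taken to mean same name, IDs and members.

# identity_lines DIR HOST NAME... -> normalized definitions of the named users
# and groups on HOST, group members sorted so that listing order is ignored.
identity_lines() {
    dir=$1 host=$2; shift 2
    awk -F: -v want="$(printf '%s,' "$@")" '
        BEGIN { n = split(want, w, ","); for (i = 1; i <= n; i++) if (w[i] != "") keep[w[i]] = 1 }
        !($1 in keep) { next }
        FILENAME ~ /\.passwd$/ { print "user " $1 " uid=" $3 " gid=" $4; next }
        { k = split($4, m, ","); s = ""
          for (i = 1; i <= k; i++) for (j = i + 1; j <= k; j++)
              if (m[j] < m[i]) { t = m[i]; m[i] = m[j]; m[j] = t }
          for (i = 1; i <= k; i++) s = s (i > 1 ? "," : "") m[i]
          print "group " $1 " gid=" $3 " members=" s }
    ' "$dir/$host.passwd" "$dir/$host.group" | sort
}

# drift_report DIR REF "HOST..." NAME... -> prints the definitions that differ
# from host REF and returns the number of hosts with drift.
drift_report() {
    dir=$1 ref=$2 hosts=$3; shift 3
    want=$(identity_lines "$dir" "$ref" "$@"); drift=0
    for h in $hosts; do
        cur=$(identity_lines "$dir" "$h" "$@")
        if [ "$cur" != "$want" ]; then
            drift=$((drift + 1))
            printf '%s\n' "$cur" | grep -Fxv -e "$want" | awk -v p="$h only: " 'NF { print p $0 }'
            printf '%s\n' "$want" | grep -Fxv -e "$cur" | awk -v p="$ref only: " 'NF { print p $0 }'
        fi
    done
    return "$drift"
}

# Constructed snapshots: part1 has a different uid for db2fenc1; the member
# order of db2iadm1 differs too, which is not drift.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'db2inst1:x:1001:2001::/home/db2inst1:/bin/sh' \
    'db2fenc1:x:1002:2002::/home/db2fenc1:/bin/sh' > "$tmp/part0.passwd"
printf '%s\n' 'db2iadm1:x:2001:dasusr1,db2inst1' 'db2fadm1:x:2002:' > "$tmp/part0.group"
sed 's/:1002:/:1102:/' "$tmp/part0.passwd" > "$tmp/part1.passwd"
printf '%s\n' 'db2iadm1:x:2001:db2inst1,dasusr1' 'db2fadm1:x:2002:' > "$tmp/part1.group"
drift_report "$tmp" part0 "part1" db2inst1 db2fenc1 db2iadm1 db2fadm1 ||
    echo "hosts with drift: $?"
```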
3.4.3 Creating User IDs and Groups if NIS Is Installed in Your Environment (Linux and UNIX Only)
NIS is a secure and robust repository of information about network entities, such as users and servers, which enables the efficient administration of enterprise client/server networks. Administration tasks such as adding, removing, and reassigning systems and users are facilitated by modifying information in NIS. NIS+ is a more mature version of NIS with better support for security issues and very large work groups.
If you have NIS or a similar security component installed on your machine, you must create the users and groups listed in Table 3.3 manually before installing DB2, because the DB2 installation scripts attempt to update objects that are under the control of the security packages. NIS prevents DB2 from doing those updates.
Keep the following restrictions in mind if you are using NIS or NIS+.
• You must create groups and users on the NIS server before installing DB2.
• You must add the primary group of the instance owner to the secondary DAS group. Likewise, you must add the primary DAS group to the secondary group for the instance owner.
• On a DB2 Enterprise system, before you create an instance, you must create an entry for the instance in the /etc/services file. For example, if you want to create an instance for the user db2inst1, you require an entry similar to the following:
DB2_db2inst1 50000/tcp
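One way to verify the restrictions listed above before running the installer, as an added example that is not from the book or from IBM. The function names, input files and sample entries are assumptions; the user and group names are the example names from Table 3.5.

```shell
#!/bin/sh
# Pre-install check for the NIS restrictions above (added example).
# Inputs are passwd-, group- and services-format files, e.g. saved output of
# `getent passwd` and `getent group`, so nothing on the NIS server is changed.

# primary_group PASSWD GROUP USER -> name of USER's primary group
primary_group() {
    gid=$(awk -F: -v u="$3" '$1 == u { print $4; exit }' "$1")
    [ -n "$gid" ] || return 1
    awk -F: -v g="$gid" '$3 == g { print $1; ok = 1; exit } END { exit !ok }' "$2"
}

# is_member GROUP NAME USER -> 0 if USER is a listed (secondary) member of NAME
is_member() {
    awk -F: -v g="$2" -v u="$3" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit !ok }' "$1"
}

# check_nis_prereqs PASSWD GROUP SERVICES INSTANCE_OWNER DAS_USER
# Prints one line per finding and returns the number of findings.
check_nis_prereqs() {
    inst_grp=$(primary_group "$1" "$2" "$4") || { echo "FAIL $4: no user or primary group"; return 1; }
    das_grp=$(primary_group "$1" "$2" "$5") || { echo "FAIL $5: no user or primary group"; return 1; }
    fails=0
    is_member "$2" "$das_grp" "$4" || { echo "FAIL $4 is not in secondary group $das_grp"; fails=$((fails + 1)); }
    is_member "$2" "$inst_grp" "$5" || { echo "FAIL $5 is not in secondary group $inst_grp"; fails=$((fails + 1)); }
    awk -v s="DB2_$4" '$1 == s && $2 ~ /^[0-9]+\/tcp$/ { ok = 1 } END { exit !ok }' "$3" ||
        { echo "FAIL no DB2_$4 tcp entry in services file"; fails=$((fails + 1)); }
    return "$fails"
}

# Constructed sample data: dasadm1 is missing db2inst1 as a member.
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/passwd" <<'EOF'
db2inst1:x:1001:2001::/home/db2inst1:/bin/sh
db2fenc1:x:1002:2002::/home/db2fenc1:/bin/sh
dasusr1:x:1003:2003::/home/dasusr1:/bin/sh
EOF
cat > "$tmp/group" <<'EOF'
db2iadm1:x:2001:dasusr1
db2fadm1:x:2002:
dasadm1:x:2003:
EOF
echo 'DB2_db2inst1 50000/tcp' > "$tmp/services"
check_nis_prereqs "$tmp/passwd" "$tmp/group" "$tmp/services" db2inst1 dasusr1 ||
    echo "findings: $?"
```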
3.5 SILENT INSTALL USING A RESPONSE FILE
When you need to install DB2 on a number of computers, you may want to install it using a response file to reduce the amount of work involved. With a response file, you can install DB2 unattended. This installation method is available on all DB2 supported platforms.
A response file is a text file with the extension .rsp. It specifies configuration and setup parameters such as the destination directory (Windows only) and the products and components to install. It can also be used to:
• Create instances
• Set up global DB2 registry variables
• Set up the database manager configuration
Figure 3.20 shows a response file, db2ese.rsp, which can be used to perform a DB2 Enterprise Edition server installation on Windows.
NOTE These considerations hold true for any environment in which an external security program does not allow the DB2 installation or instance creation programs to modify user characteristics.
PROD=ENTERPRISE_SERVER_EDITION