IBM Books

Quick Beginnings for DB2 Extended Enterprise Edition for UNIX

Step 3. Create or Assign Groups and User IDs


If you want to use an existing user or group ID, you do not need to create new ones at this time. Instead, you can proceed to the next step.


If you are using Network Information Services (NIS), NIS+, or any other tools to manage system configuration files, you must perform this step on the master server. After you have completed the following, ensure that the changes have taken effect on all DB2 servers.

You must perform the following as a user with root authority.

Create a group that will be the primary group for the user ID that will be the instance owner. When the instance is created, the instance owner and any other user who is a member of this group will have system administrative (SYSADM) authority. The group must be created on every machine that is to be used as a database partition server. The group ID (GID) of the group must be the same on each machine.

Next, create a user ID that will be the instance owner. This user ID will be the name of the instance. The user ID must be created on every machine that is to be used in the partitioned database system. The user ID of the user must be the same on every machine. Make this user's primary group the group that you just created. The instance owner user ID, and any other user who is a member of this group, will be automatically given SYSADM control for the instance.

In the following example, the instance user ID is db2inst1 and the UID 1004. The SYSADM group ID is dbadmin1 and the GID 999.


Dedicate the instance owner user ID to that instance's use only. This allows for easier error recovery if a system error occurs.

  1. Use admintool or groupadd to create groups, and admintool or useradd to create users. For example:
       groupadd -g 999 dbadmin1
       useradd -g dbadmin1 -u 1004 -d /export/home/db2inst1 -m db2inst1
       passwd db2inst1

  2. Similarly, create a group and user for fenced user defined functions and stored procedures.

    For example:

       groupadd -g 991 db2fadm1
       useradd -g db2fadm1 -u 1001 -d /export/home/db2fenc1 -m db2fenc1
       passwd db2fenc1

    Fenced user defined functions (UDFs) and stored procedures will execute under this user and group. The group must be the primary group of the user. The user for fenced UDFs and stored procedures is specified as a parameter of the instance creation script. The group for fenced UDFs and stored procedures is implicitly set to the primary group of this specified user (db2fenc1).

For security reasons, we recommend that you do not use the instance name as the FencedID. However, if you are not planning to use fenced user defined functions or stored procedures, you can set the FencedID to the instance name instead of creating another user for the FencedID.


  1. You have to repeat Steps 1 and 2 above to create a user name and group name for the Administration Server. You must use different user IDs for the Administration Server and a DB2 instance (for example, db2as and db2inst). For security reasons, you should not use the primary group of a DB2 instance as the primary group for the user ID for the Administration Server. It is recommended that you create a different group ID (for example, db2asgrp).

  2. In addition to the rules imposed by the operating system for login names and groups, you must also adhere to the rules described in Appendix F. "Naming Rules".

[ Top of Page | Previous Page | Next Page | Table of Contents | Index ]

[ DB2 List of Books | Search the DB2 Books ]