How do you set permissions for:

- instance home dir
- dir's for tablespace containers
- dir's for active and archive transaction logs
- dir's for backup images


read/write for instance owner
read for instance's group
nothing for other


Does this look ok? Or does "other" need read for the instance home dir?

May be not for the entire home directory (depends on your server defaults), but definitely for sqllib, if only to run db2profile.

Normally you create the instance owner and make the primary group of the instance owner to be db2iadm (or similar). The home directory and all database and tablespace mount points are owned by the instance owner before the instance is created. The instance owner permissions to home directory are automatically set correctly when useradd is used to create the user if the primary group is also specified.

Then when you create the instance, the persmissions should be set correctly for you and the primary group (who will automatically show up in the DBM cfg as SYSADM GROUP, or something like that).

Backup mount points are different, and are not changed by DB2 once you set them.

All db2 mount points are currently owned by root which is incorrect (building a brand new server). I installed db2 but haven't created the instance yet, waiting for them to correct the instance home dir (they used /home which is not what we need) as well as the permissions for all db2 mount points.

For tablespaces/logs/backups mount points, I think rw for the instance owner and r for the instance owner's primary group should be correct (ownership would be db2inst1:db2iadm1).

But I'm not sure how to set instance home mount point (in my example, /sis/db2 is the mount point and /sis/db2/db2inst1 is the home dir) - should "other" have r(ead) for /sis/db2 and/or /sis/db2/db2inst1 before creating an instance? Or change permissions manually for .../sqllib/db2profile as Nick suggested (if not done during db2icrt). Does your instance home mount point or instance home dir have r for "other"?

IBM DB2 9.7 for Linux, UNIX and Windows Information Center

In the link above, it specifies the following for the home directory of the instance owner:

For example, the permissions for the instance, db2inst1, in /home are:
drwxr-xr-x 36 db2inst1 db2grp1 4096 Jun 15 11:13 db2inst1

These are default permissions assigned to the home directory when the useradd command in Linux (or mkuser in AIX) is used to create the user. Normally, you want the instance owner to be a different mount point than the default home directory for all other users (which may be local disk for the default instead of a SAN mount point you may want to use).

I decided to leave the instance home's permissions unchanged (set as per the manual), but I will have to ensure that this doesn't violate their ITCS104 standards. I redirected all tablespace containers and transaction logs away from the instance home, so I hope the default permissions are ok.

Thank you.

Transaction logs should always be on a different mount than the data, and make sure you tell your storage team that it cannot share any physical spindles with the data, (for redundancy purposes).

So long as intance owner is the owner of the transaction log mount point (and the others), DB2 will automatically set up the correct permissions underneath the mount point for the various paths.

Based on what I've seen so far, the LUW databases are relatively small (most important databases are all on z/OS). They used one filesystem for the instance home/tablespaces/logs/backups. I'm not sure how many disks there are. iostat is not installed. I found fdisk which shows:

[root@xxxxxxxxx ~]# fdisk -l

Disk /dev/sda: 899.6 GB, 899678208000 bytes
255 heads, 63 sectors/track, 109379 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes

Device Boot Start End Blocks Id System
/dev/sda1 * 1 13 104391 83 Linux
/dev/sda2 14 523 4096575 82 Linux swap / Solaris
/dev/sda3 524 109379 874385820 8e Linux LVM


Do you know if this means there is only one disk, /dev/sda, divided into 3 partitions? Is there some other command to get disk info on RHEL 5.7?

Not sure about your question, but the reason putting them on separate disks is for redundancy, even when they are small enough for there not be a performance issue.

Thanks, I will check with them.