Results 1 to 11 of 11
  1. #1
    Join Date
    Aug 2008
    Location
    Toronto, Canada
    Posts
    2,368

    Unanswered: permissions for db2 dir

    How do you set permissions for:

    - instance home dir
    - dir's for tablespace containers
    - dir's for active and archive transaction logs
    - dir's for backup images


    read/write for instance owner
    read for instance's group
    nothing for other


    Does this look ok? Or does "other" need read for the instance home dir?

  2. #2
    Join Date
    Jun 2003
    Location
    Toronto, Canada
    Posts
    5,516
    Provided Answers: 1
    Quote Originally Posted by db2girl View Post
    Or does "other" need read for the instance home dir?
    May be not for the entire home directory (depends on your server defaults), but definitely for sqllib, if only to run db2profile.

  3. #3
    Join Date
    May 2003
    Location
    USA
    Posts
    5,737
    Normally you create the instance owner and make the primary group of the instance owner to be db2iadm (or similar). The home directory and all database and tablespace mount points are owned by the instance owner before the instance is created. The instance owner permissions to home directory are automatically set correctly when useradd is used to create the user if the primary group is also specified.

    Then when you create the instance, the persmissions should be set correctly for you and the primary group (who will automatically show up in the DBM cfg as SYSADM GROUP, or something like that).

    Backup mount points are different, and are not changed by DB2 once you set them.
    Last edited by Marcus_A; 01-12-12 at 22:51.
    M. A. Feldman
    IBM Certified DBA on DB2 for Linux, UNIX, and Windows
    IBM Certified DBA on DB2 for z/OS and OS/390

  4. #4
    Join Date
    Aug 2008
    Location
    Toronto, Canada
    Posts
    2,368
    All db2 mount points are currently owned by root which is incorrect (building a brand new server). I installed db2 but haven't created the instance yet, waiting for them to correct the instance home dir (they used /home which is not what we need) as well as the permissions for all db2 mount points.

    For tablespaces/logs/backups mount points, I think rw for the instance owner and r for the instance owner's primary group should be correct (ownership would be db2inst1:db2iadm1).

    But I'm not sure how to set instance home mount point (in my example, /sis/db2 is the mount point and /sis/db2/db2inst1 is the home dir) - should "other" have r(ead) for /sis/db2 and/or /sis/db2/db2inst1 before creating an instance? Or change permissions manually for .../sqllib/db2profile as Nick suggested (if not done during db2icrt). Does your instance home mount point or instance home dir have r for "other"?

  5. #5
    Join Date
    Aug 2011
    Posts
    46

  6. #6
    Join Date
    May 2003
    Location
    USA
    Posts
    5,737
    In the link above, it specifies the following for the home directory of the instance owner:

    For example, the permissions for the instance, db2inst1, in /home are:
    drwxr-xr-x 36 db2inst1 db2grp1 4096 Jun 15 11:13 db2inst1

    These are default permissions assigned to the home directory when the useradd command in Linux (or mkuser in AIX) is used to create the user. Normally, you want the instance owner to be a different mount point than the default home directory for all other users (which may be local disk for the default instead of a SAN mount point you may want to use).
    Last edited by Marcus_A; 01-13-12 at 08:57.
    M. A. Feldman
    IBM Certified DBA on DB2 for Linux, UNIX, and Windows
    IBM Certified DBA on DB2 for z/OS and OS/390

  7. #7
    Join Date
    Aug 2008
    Location
    Toronto, Canada
    Posts
    2,368
    I decided to leave the instance home's permissions unchanged (set as per the manual), but I will have to ensure that this doesn't violate their ITCS104 standards. I redirected all tablespace containers and transaction logs away from the instance home, so I hope the default permissions are ok.

    Thank you.

  8. #8
    Join Date
    May 2003
    Location
    USA
    Posts
    5,737
    Quote Originally Posted by db2girl View Post
    I decided to leave the instance home's permissions unchanged (set as per the manual), but I will have to ensure that this doesn't violate their ITCS104 standards. I redirected all tablespace containers and transaction logs away from the instance home, so I hope the default permissions are ok.

    Thank you.
    Transaction logs should always be on a different mount than the data, and make sure you tell your storage team that it cannot share any physical spindles with the data, (for redundancy purposes).

    So long as intance owner is the owner of the transaction log mount point (and the others), DB2 will automatically set up the correct permissions underneath the mount point for the various paths.
    M. A. Feldman
    IBM Certified DBA on DB2 for Linux, UNIX, and Windows
    IBM Certified DBA on DB2 for z/OS and OS/390

  9. #9
    Join Date
    Aug 2008
    Location
    Toronto, Canada
    Posts
    2,368
    Based on what I've seen so far, the LUW databases are relatively small (most important databases are all on z/OS). They used one filesystem for the instance home/tablespaces/logs/backups. I'm not sure how many disks there are. iostat is not installed. I found fdisk which shows:

    [root@xxxxxxxxx ~]# fdisk -l

    Disk /dev/sda: 899.6 GB, 899678208000 bytes
    255 heads, 63 sectors/track, 109379 cylinders
    Units = cylinders of 16065 * 512 = 8225280 bytes

    Device Boot Start End Blocks Id System
    /dev/sda1 * 1 13 104391 83 Linux
    /dev/sda2 14 523 4096575 82 Linux swap / Solaris
    /dev/sda3 524 109379 874385820 8e Linux LVM


    Do you know if this means there is only one disk, /dev/sda, divided into 3 partitions? Is there some other command to get disk info on RHEL 5.7?

  10. #10
    Join Date
    May 2003
    Location
    USA
    Posts
    5,737
    Not sure about your question, but the reason putting them on separate disks is for redundancy, even when they are small enough for there not be a performance issue.
    M. A. Feldman
    IBM Certified DBA on DB2 for Linux, UNIX, and Windows
    IBM Certified DBA on DB2 for z/OS and OS/390

  11. #11
    Join Date
    Aug 2008
    Location
    Toronto, Canada
    Posts
    2,368
    Thanks, I will check with them.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •