Page 1 of 2 12 LastLast
Results 1 to 15 of 27
  1. #1
    Join Date
    May 2012
    Posts
    155

    Unanswered: Logging in to the instance from other user

    Hallo everyone,

    my name is ratna, so my home-directory is /home/ratna.

    The standard user created during the installation from DB2 Express-C 9.7 is db2inst1. The instance name is also db2inst1.

    As you all know, there is a sample database called SAMPLE. This sample database is located in the instance db2inst1.

    At the moment, I am interacting with this database through the user db2inst1

    Now, I also would like to interact to the instance through the user ratna. In order to do this, I have put the line

    . ~db2inst1/sqllib/db2profile

    in my .profile, so that the file .profile now looks like this:

    # if running bash
    if [ -n "$BASH_VERSION" ]; then
    # include .bashrc if it exists
    if [ -f "$HOME/.bashrc" ]; then
    . "$HOME/.bashrc"
    fi
    fi

    # set PATH so it includes user's private bin if it exists
    if [ -d "$HOME/bin" ] ; then
    PATH="$HOME/bin:$PATH"
    fi
    . ~db2inst1/sqllib/db2profile

    The next step is to add ratna in the group db2iadm1. I tried to do this with the command:
    useradd -u 1004 -g db2iadm1 -m -d /home/db2inst1 ratna

    But it said, ratna exists already.

    Can someone please help? Thanks..

    Regards,
    Ratna

  2. #2
    Join Date
    Apr 2012
    Posts
    1,035
    Provided Answers: 18
    You question is a basic "how to" for Linux (it is not a DB2 question at all).
    Google is your friend here, or any good Linux book.
    Read about the usermod command (to put an existing userid into an existing group)
    or try: man usermod at your shell and study the command line.

  3. #3
    Join Date
    May 2003
    Location
    USA
    Posts
    5,737
    First you need to add the following lines to your .bashrc file

    # The following three lines have been added by UDB DB2.
    if [ -f /home/db2inst1/sqllib/db2profile ]; then
    . /home/db2inst1/sqllib/db2profile
    fi

    You should notice that the above lines are contained in the .bashrc file for db2inst1 user (added by DB2 when the instance was created).

    Then using the instance owner id grant dbadm authority to ratna (see the GRANT SQL statement).

    If you also need SYSADM in addition to that, you can edit (using root) the /etc/group file directly to add ratna to the db2iadm group. I assume that db2iadm1 is already in the following line in dbm config:

    SYSADM group name (SYSADM_GROUP) = DB2IADM1
    M. A. Feldman
    IBM Certified DBA on DB2 for Linux, UNIX, and Windows
    IBM Certified DBA on DB2 for z/OS and OS/390

  4. #4
    Join Date
    May 2012
    Posts
    155
    Hallo db2mor and Marcus_A,

    thank you for the comments. So, if I have understood correctly, there is more than one way to get ratna connected to the instance db2inst1.

    As Marcus_A suggested, I could add the 3 lines in the .bashrc file. I actually thought, addition must be done in the other local configuration file .profile

    According to the suggestion from Marcus_A:
    I have now added the 3 lines in the .bashrc file of ratna. Next:
    Then using the instance owner id grant dbadm authority to ratna (see the GRANT SQL statement).

    Regarding this step, I have been searching in internet. I am not sure if I am right:
    grant connect on database to user ratna

    That would be the grant for ratna to connect to SAMPLE? I have a question:
    Where should I run this command? as root in the directory "instance"?

    Thank you.

    Regarding the other alternative to get connected to the instance via ratna:
    db2mor, you are right, my questions were regarding Linux, I understand now how to add user to a group via chmod.

    I would like to learn both ways to get connected to the instance. For now, it is important for me to see the success regarding this. I would like to try both ways. In fact I have "broken" my ubuntu machine to get my aim achieved. I have been installing my ubuntu und DB2 Express-C for 3 times in the last 2 days.

    Thanks for the help.

    Regards,
    Ratna

  5. #5
    Join Date
    May 2003
    Location
    USA
    Posts
    5,737
    Root has no authority whatsoever inside DB2 (grant, etc) unless it has been granted to it. The instance owner can grant connect and dbadm. You need a copy of the SQL Reference Vol 2, which you can download in PDF format from the IBM website.
    M. A. Feldman
    IBM Certified DBA on DB2 for Linux, UNIX, and Windows
    IBM Certified DBA on DB2 for z/OS and OS/390

  6. #6
    Join Date
    May 2012
    Posts
    155
    Hallo Marcus_A,

    thank you. In the case, it would be the user db2inst1, which is after the default installation the only user in the group SYSADM_GROUP. So, I have to login as db2inst1 and type the following command:

    db2inst1@ratnaslaptop:~$ grant connect, dbadm on database to user ratna

    My brother is using my laptop at the moment, so I can not directly test it, but I hope, it is right.

    Thank you for any upcoming comments.

    Regards,
    Ratna

  7. #7
    Join Date
    Jan 2009
    Posts
    33
    hello,
    use db2 "grant connect,dbadm on database to ratna" after connecting to the db. you will have all teh rights for that database. In case you want to administer the database use root id and edit the group db2iadm from /etc/group using a editor add ratna to the group db2iadm. ensure db2iadm is also your sysadm group in the dbm cfg. Once this is done you will have all the rights similar to db2inst1 for user ratna.

    regards,
    sharath

  8. #8
    Join Date
    Jun 2003
    Location
    Toronto, Canada
    Posts
    5,516
    Provided Answers: 1
    Quote Originally Posted by sharaths_81 View Post
    use root id and edit the group db2iadm from /etc/group
    This is a bad idea. You should use OS tools to manipulate users and groups, e.g. usermod or groupmod.

  9. #9
    Join Date
    Jan 2009
    Posts
    33
    You are right. we do have commands to modify. But taking into consideration of the requestor's question I suggested since it is simpler and I have not found any different behaviour with respect to both the forms of change.

    Thats the reason I suggested to edit the /etc/group file.

    Ideally the commands suggested by you should be used.

  10. #10
    Join Date
    Apr 2006
    Location
    Belgium
    Posts
    2,514
    Provided Answers: 11
    same remark for this
    # The following three lines have been added by UDB DB2.
    if [ -f /home/db2inst1/sqllib/db2profile ]; then
    . /home/db2inst1/sqllib/db2profile
    fi
    NEVER use the profile of another user. create a client instance for the user and have your own profile, so you are not dependent of any settings for another user..
    Best Regards, Guy Przytula
    Database Software Consultant
    Good DBAs are not formed in a week or a month. They are created little by little, day by day. Protracted and patient effort is needed to develop good DBAs.
    Spoon feeding : To treat (another) in a way that discourages independent thought or action, as by overindulgence.
    DB2 UDB LUW Certified V7-V8-V9-V9.7-V10.1-V10.5 DB Admin - Advanced DBA -Dprop..
    Information Server Datastage Certified
    http://www.infocura.be

  11. #11
    Join Date
    May 2012
    Posts
    155
    Thank you all,

    just one little more question. What does this mean:

    ensure db2iadm is also your sysadm group in the dbm cfg.

    Thank you.

    Regards,
    Ratna

  12. #12
    Join Date
    Jan 2009
    Posts
    33
    check this parameter
    you can use db2 get dbm cfg | grep -i sys and ensure value is db2iadm
    SYSADM group name (SYSADM_GROUP)

    else change it using db2 update dbm cfg using SYSADM_GROUP db2iadm.

    and take a db2 restart.

  13. #13
    Join Date
    May 2012
    Posts
    155
    Hallo sharaths_81,

    I think, this is okay:

    Federated Database System Support (FEDERATED) = NO
    SYSADM group name (SYSADM_GROUP) = DB2IADM1
    SYSCTRL group name (SYSCTRL_GROUP) =
    SYSMAINT group name (SYSMAINT_GROUP) =
    SYSMON group name (SYSMON_GROUP) =
    Priority of agents (AGENTPRI) = SYSTEM

    Regarding this:
    In case you want to administer the database use root id and edit the group db2iadm from /etc/group using a editor add ratna to the group db2iadm

    You mean:
    db2iadm1:x:126:ratna

    Right? One question: why is the user db2inst1 not in the group db2iadm1? Because db2inst1 is already in dasadm? And dasadm users are granted to do everything, so dont need to be in db2iadm1 anymore?

    Thank you very much..

    Regards,
    Ratna

  14. #14
    Join Date
    May 2003
    Location
    USA
    Posts
    5,737
    Quote Originally Posted by ratnalein View Post
    One question: why is the user db2inst1 not in the group db2iadm1? Because db2inst1 is already in dasadm? And dasadm users are granted to do everything, so dont need to be in db2iadm1 anymore?
    dasadm is for the DB2 Administrative Server, used for Control Center, and both are deprecated and will be gone in future releases. It has nothing to do with DBADM authority.

    Regarding whether db2inst1 is in db2iadm1, first check /etc/passwd for the primary group designation for db2inst1. If it is not there, then I cannot answer you question unless I know how you installed DB2 (GUI vs command line) and what values you input during the install.

    This is not a Linux forum. If you don't know how to set up users and groups I would check elsewhere on the Internet. If you have access to a Linux GUI desktop, there are GUI applications for configuring users and groups.
    M. A. Feldman
    IBM Certified DBA on DB2 for Linux, UNIX, and Windows
    IBM Certified DBA on DB2 for z/OS and OS/390

  15. #15
    Join Date
    Aug 2008
    Location
    Toronto, Canada
    Posts
    2,368
    Quote Originally Posted by Marcus_A View Post
    Regarding whether db2inst1 is in db2iadm1, first check /etc/passwd for the primary group designation for db2inst1.
    I noticed the same on some servers, mainly Linux RHAT 5. AIX seems to be ok - I see db2inst1 being part of db2iadm1 in /etc/group on AIX. Not sure why.
    The primary group of db2inst1 is db2iadm1. Example from Linix:

    [db2inst1@xxxxxxxxx ~]$ id db2inst1
    uid=1512(db2inst1) gid=1505(db2iadm1) groups=1505(db2iadm1),1508(candle)

    [db2inst1@xxxxxxxxx ~]$ more /etc/passwd | grep db2inst1
    db2inst1:x:1512:1505::/sis/db2/db2inst1:/bin/bash

    [db2inst1@xxxxxxxxx ~]$ more /etc/group | grep db2iadm1
    db2iadm1:x:1505:bxxxxx,axxxxxx

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •