DB2 Version 9.7 for Linux, UNIX, and Windows

DB2 users and groups (Linux and UNIX)

If you are using the DB2 Setup wizard, you can create the following users and groups during installation. To manually create the following users and groups, see Creating group and user IDs for a DB2 database installation (Linux and UNIX). Three users and three groups are used to operate DB2 on Linux® and UNIX® platforms.

Instance owner

The DB2 instance is created in the instance owner home directory. This user ID controls all DB2 processes and owns all filesystems and devices used by the databases contained within the instance. The default user is db2inst1 and the default group is db2iadm1.

When using the DB2 Setup wizard, the default action is to create a new user for your DB2 instance. The default name is db2inst1. If that user name already exists, the DB2 Setup wizard searches through user names (db2inst2, db2inst3, and so on). The search continues until a user name is identified that is not already an existing user on the system as the default instance owner ID. If you choose to proceed this user is created by the DB2 Setup wizard. However, you also have a choice to specify any existing user as the instance owner.

This method for user name creation also applies to the creation of fenced users and DB2 administration server users.

Fenced user

The fenced user is used to run user defined functions (UDFs) and stored procedures outside of the address space used by the DB2 database. The default user is db2fenc1 and the default group is db2fadm1. If you do not need this level of security, for example in a test environment, you can use your instance owner as your fenced user.

DB2 administration server user

The user ID for the DB2 administration server user is used to run the DB2 administration server (DAS) on your system. The default user is dasusr1 and the default group is dasadm1. This user ID is also used by the DB2 GUI tools to perform administration tasks against the local server database instances and databases.

There is only one DAS per computer. One DAS services one or more database instances, including database instances that belong to different installations. The DAS can service database instances whose release level is lower than the release level of the DAS. However, for database instances whose release level is higher than the release level of the DAS, the DAS must be migrated to a higher level. The DAS release level must be as high (or higher) than the release level of any of the database instances it services.

User ID restrictions

User IDs have the following restrictions and requirements:

• Must have a primary group other than guests, admins, users, and local
• Can include lowercase letters (a-z), numbers (0-9), and the underscore character ( _ )
• Cannot be longer than eight characters
• Cannot begin with IBM, SYS, SQL, or a number
• Cannot be a DB2 reserved word (USERS, ADMINS, GUESTS, PUBLIC, or LOCAL), or an SQL reserved word
• Cannot use any User IDs with root privilege for the DB2 instance ID, DAS ID or fenced ID.
• Cannot include accented characters
• If existing user IDs are specified instead of creating new user IDs, make sure that the user IDs:
  • Are not locked
  • Do not have expired passwords