Sets the permissions for DB2® database
objects (for example, files, directories, network shares, registry
keys and services) on updated DB2 database
system installations.
Command syntax
>>-db2extsec--+-----------------------+------------------------->
'-+-/u-----+--usergroup-'
'-/users-'
>--+-------------------------+--+-----------------------+------->
'-+-/a------+--admingroup-' '-/oldusers--oldusergrp-'
'-/admins-'
>--+------------------------+--+------------------+------------->
'-/oldadmins--oldadmngrp-' '-/file--inputfile-'
>--+----------+--+------------+--+-----------+-----------------><
'-/verbose-' '-+-/r-----+-' '-+-/h----+-'
'-/reset-' +-/help-+
'-?-----'
Command parameters
- /u | /users usergroup
- Specifies the name of the user group to be added. If this option
is not specified, the default DB2 user
group (DB2USERS) is used. The usergroup can be
a local group or a domain group. To specify a local group, you can
specify the group name with or without the machine name. For example, DB2USERS,
or MYWKSTN\DB2USERS. To specify a domain group, you
specify the usergroup in the form of DOMAIN\GROUP.
For example, MYDOMAIN\DB2USERS.
- /a | /admins admingroup
- Specifies the name of the administration group to be added. If
this option is not specified, the default DB2 administration group (DB2ADMNS) is used.
The admingroup can be a local group or a domain
group. To specify a local group, you can specify the group name with
or without the machine name. For example, DB2ADMNS,
or MYWKSTN\DB2ADMNS. To specify a domain group, you
specify the admingroup in the form of DOMAIN\GROUP.
For example, MYDOMAIN\DB2ADMNS.
- Note:
- The following 3 parameters, /oldusers, /oldadmins,
and /file, are required when you are changing
the extended security group names and have file or directory objects
that have been created outside of the default locations (that is,
the install directory or database directories). The db2extsec command
can only change permissions to a known set of DB2 files. If the user had created private DB2 files with extended security,
then the user will need to provide the locations of these file, so
the db2extsec command can change the permissions
on these files with the new extended security group names. The location
of the files are to be supplied in the inputfile using
the /file option.
- /oldusers oldusergrp
- The old DB2 users group
name to be changed.
- /oldadmins oldadmngrp
- The old DB2 admins group
name to be changed.
- /file inputfile
- File listing additional files/directories for which the permissions
need to be updated.
- /verbose
- Output extra information.
- /r | /reset
- Specifies that the changes made by previously running db2extsec should
be reversed. If you specify this option, all other options are ignored.
This option will only work if no other DB2 commands
have been issued since the db2extsec command was
issued.
- /h | /help | ?
- Displays the command help information.
Examples
To enable extended security and
use the domain groups
mydom\db2users and
mydom\db2admns to
protect your DB2 objects:
db2extsec /u mydom\db2users /a mydom\db2admns
To
reset extended security to its previous setting (see
/reset option
above):
db2extsec /reset
To enable extended
security as above, but also change the security group for the files/directories
listed in
c:\mylist.lst from local group
db2admns and
db2users to
domain groups
mydom\db2admns and
mydom\db2users:
db2extsec /users mydom\db2users /admins mydom\db2admns /oldadmins db2admns
/oldusers db2users /file c:\mylist.lst
Note: The format
of the input file is as follows:
* This is a comment
D:\MYBACKUPDIR
D:\MYEXPORTDIR
D:\MYMISCFILE\myfile.dat
* This is another comment
E:\MYOTHERBACKUPDIR * These are more comments
E:\MYOTHEREXPORTDIR