100 Tech Tips, #62 Finding and Changing the DB2 fenced ID on Unix and Linux

Body

External DB2 LUW routines (stored procedures and user defined functions that are not coded in SQL) often run under the fenced user ID, which is provided when the DB2 instance is created. The authority these routines have on the system is limited to the access the fenced ID has, so it is useful when designing external routines to know the fenced ID. You can find the ID that will run routines by checking the ownership of the .fenced file located in the <INSTHOME>/sqllib/adm directory. Below is an example of the file.

$ ls -al

-r--r--r-- 1 nobody nobody 0 Feb 03 15:44 .fenced

In this example the fenced ID is nobody belonging to the group nobody.

You can change the fenced ID by changing the ownership of the .fenced file. Please note, it will be necessary to stop and start the instance in order for the change to take effect.

You can confirm that the fenced ID has been changed by issuing the ps command and looking for the db2fmp processes. Below is an example.

ps -elf |grep db2fmp

242001 A nobody 573636 458870 0 60 20 10da27b590 6184 * Dec 23 - 0:16 db2fmp ( C )

You may notice other db2fmp processes running on the system under IDs that are not the fenced ID. Only the db2fmp processes running under the fenced ID will be used to run external routines.