Creating required users for a Db2 pureScale Feature installation

A Db2 pureScale environment requires a user ID for the instance owner, a non-root user ID to use a secure shell (SSH) network protocol between hosts, and another to run fenced user-defined functions or procedures. If you use the Db2 Setup wizard to install the Db2 pureScale Feature, the required users are created as part of the installation. Otherwise, you must create the users manually. These users are required on all servers hosting a cluster caching facility or member. Each user must be configured to have the same user settings and password as the same user on all other servers.

Before you begin

  • You must have root user authority to create users and groups.
  • If you manage users and groups with security software, additional steps might be required when defining Db2 database users and groups.

About this task

You need these users to create the Db2 pureScale instance:
  • One user for the instance owner
  • A non-root user ID to use a secure shell (SSH) network protocol between hosts in a Db2 pureScale cluster (this user ID can default to be the instance owner)
  • One user for the fenced user
For the instance owner and the fenced user, specify two distinct users that are members of separate groups. You can use existing users and groups, or have them created on your behalf by the installation. If you want the users to be created for you during the installation, the users and groups must not exist on any of the hosts. To use existing users, both users must exist on all the hosts with the same user ID (UID), group ID (GID), and HOME directory before installation.

A Db2 managed IBM Spectrum Scale requires a non-root user ID to SSH between hosts in the Db2 pureScale cluster. The user ID must be a user without special privileges. It is used by the root account on the local host to execute commands as root on a remote host in the same cluster. This user ID must be created on all hosts.

The user and group names used in this task are the defaults, and are documented in the following table. You can specify your own user and group names as long as they adhere to your system naming rules and Db2 naming rules.

Table 1. Default users and groups
Required user User name Group name
Instance owner db2sdin1 db2iadm1
Fenced user db2sdfe1 db2fadm1
Non-root user ID to SSH between hosts db2ssh1 db2iadm1

If you plan to use the Db2 Setup wizard to install your Db2 database product, the Db2 Setup wizard creates these users for you.


Restrictions

The user names you create must conform to both to the naming rules of your operating system, and to the rules of the Db2 database system.

Procedure

To create these users, perform the following steps:

  1. Log on to a host.
  2. Create a group for the instance owner and a group for fenced users to run user-defined functions (UDFs) or stored procedures.
    Before adding the groups on the first host, select a group ID for each group that does not exist on any of the servers.
    Operating System Step
    AIX® Run the mkgroup command with the id parameter to create the groups db2iadm1 and db2fadm1 with the group ID 999 and 998:
    mkgroup id=999 db2iadm1
    mkgroup id=998 db2fadm1
    
    Linux® Run groupadd --gid option to create the groups db2iadm1 and db2fadm1 with the group identifiers 999 and 998:
    groupadd --gid 999 db2iadm1
    groupadd --gid 998 db2fadm1
    
  3. Create a user that belongs to each group that you created in the previous step.
    Before adding the users on the first host, choose user ID numbers for both users that do not exist on any of the servers.
    Operating System Step
    AIX Run mkuser to create each user and configure user ID (id), the primary group for the user (pgrp), the complete list of groups the user belongs to (groups), and the home directory of user (home).
    mkuser id=1004 pgrp=db2iadm1 groups=db2iadm1 home=/db2home/db2sdin1 core=-1 data=491519 stack=32767 rss=-1 fsize=-1 db2sdin1
    mkuser id=1003 pgrp=db2fadm1 groups=db2fadm1 home=/db2home/db2sdfe1 db2sdfe1 
    
    Linux Run useradd to create each user, assign the user ID, group, and create the home directory for the user.
    useradd --uid 1004 -g db2iadm1 -m -d /db2home/db2sdin1 db2sdin1
    useradd --uid 1003 -g db2fadm1 -m -d /db2home/db2sdfe1 db2sdfe1
    
    This example uses the default instance owner user name, db2sdin1, and the default fenced user name, db2sdfe1.
  4. Set an initial password for each user that you created.
    passwd db2sdin1
    passwd db2sdfe1
  5. Log out.
  6. Log back on with each of the two users you created.
    You might be prompted to change the user password for each user because it is the first time the user has logged in.
  7. Log out.
  8. Create the exact same user and group accounts on each computer that will participate in your database environment.