Db2 users and groups (Linux and UNIX)

The Db2 Setup wizard creates the users and groups automatically (if needed) during the installation of your Db2 database product.

Note: This topic does not apply to non-root installations.

If you are using the Db2 Setup wizard, you can create the following users and groups during installation. To manually create the following users and groups, see Creating group and user IDs for a Db2 database installation (Linux and UNIX). Three users and three groups are used to operate Db2 operating systems.

Instance owner
The Db2 instance is created in the instance owner home directory. This user ID controls all Db2 processes and owns all filesystems and devices used by the databases contained within the instance. The default user is db2inst1 and the default group is db2iadm1.

When using the Db2 Setup wizard, the default action is to create a new user for your Db2 instance. The default name is db2inst1. If that user name already exists, the Db2 Setup wizard searches through user names (db2inst2, db2inst3, and so on). The search continues until a user name is identified that is not already an existing user on the system as the default instance owner ID. If you choose to proceed this user is created by the Db2 Setup wizard. However, you also have a choice to specify any existing user as the instance owner.

This method for user name creation also applies to the creation of fenced users and Db2 administration server users.

Fenced user
The fenced user is used to run user defined functions (UDFs) and stored procedures outside of the address space used by the Db2 database. The default user is db2fenc1 and the default group is db2fadm1. If you do not need this level of security, for example in a test environment, you can use your instance owner as your fenced user.
Db2 administration server user
The user ID for the Db2 administration server user is used to run the Db2 administration server (DAS) on your system. The default user is dasusr1 and the default group is dasadm1.

There is only one DAS per computer. One DAS services one or more database instances, including database instances that belong to different installations. The DAS can service database instances whose release level is lower than the release level of the DAS. However, for database instances whose release level is higher than the release level of the DAS, the DAS must be migrated to a higher level. The DAS release level must be as high (or higher) than the release level of any of the database instances it services.

Important: The Db2 Administration Server (DAS) has been deprecated in Version 9.7 and might be removed in a future release. The DAS is not supported in Db2 pureScaleĀ® environments. Use software programs that use the Secure Shell protocol for remote administration. For more information, see Db2 administration server (DAS) has been deprecated .

User ID restrictions

The User IDs used for the Instance Owner, the Fenced User, and the DAS User have the following restrictions and requirements:
  • Must be in a primary group other than guests, admins, users, and local
  • Can include lowercase letters (a-z), numbers (0-9), and the underscore character ( _ )
  • Cannot be longer than 8 characters
  • Cannot begin with IBM, SYS, SQL, or a number
  • Cannot be a Db2 reserved word (USERS, ADMINS, GUESTS, PUBLIC, or LOCAL), or an SQL reserved word
  • Cannot use any User IDs with root privilege for the Db2 instance ID, DAS ID, or fenced ID.
  • Cannot include accented characters
  • If existing user IDs are specified instead of creating new user IDs, make sure that the user IDs:
    • Are not locked
    • Have passwords that are not locked