Users and groups creation requirements

When you create users and groups for your instance, you must assign appropriate permissions to them and add the users to the appropriate groups.

After you create the required users and groups for your instance, you must assign appropriate permissions and add the users to the appropriate groups. The user and group IDs must meet the following requirements:

Windows
  • Add the directory server instance owner and the database instance owner as the members of the Administrators group.
  • Set the locale of the database instance owner to a valid locale for the language in which you want the server to generate messages. If necessary, log in as that user and change the locale to the appropriate value.
AIX®, Linux®, and Solaris
  • Add the root ID as a member of the primary group of the directory server instance owner and the database instance owner.
  • Add the root ID as a member of the idsldap group.
  • Add the directory server instance owner and the database instance owner as the members of the idsldap group.
  • Create home directories for the directory server instance owner and the database instance owner.
  • Assign appropriate permissions for the home directory of the directory server instance owner.
    • The user ownership for the instance is the directory server instance owner.
    • The group ownership for the instance is the primary group of the directory server instance owner.
    • You must assign read, write, and execute permissions to the home directory for the directory server instance owner and its primary group.
  • Assign read, write, and execute access on the location where the database is created for the directory server instance owner and its primary group.
  • The directory server instance owner and the database instance owner for a directory server instance can be different users. In that case, the directory server instance owner must be a member of the database instance owner's primary group.
  • If the directory server instance owner, the DB2® instance owner, and the database owner are different users, they must all be members of the same group.
  • Set the Korn shell (/usr/bin/ksh) as the login shell of the directory server instance owner, the database instance owner, and the database owner.

The passwords of the directory server instance owner, the database instance owner, and the database owner must be set correctly and ready to use. A password must not be expired or waiting for a first-time validation of any kind. You can verify that a password is set correctly by logging in to the computer with the user ID and password, for example over telnet.

When you configure the database, it is customary, but not required, to specify the home directory of the database instance owner as the database location. If you specify another location, the home directory of the database instance owner must still have 3 - 4 MB of free space, because DB2 creates links and adds files in the home directory of the database instance owner even when the database itself is elsewhere. If the home directory of the database instance owner does not have the required space, add space or change the home directory.
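The AIX, Linux, and Solaris requirements above (root in the owners' primary group and in idsldap, both owners in idsldap, the Korn shell as login shell, and rwx for owner and group on the home directory) can be verified before you configure the instance. The following POSIX shell script is an added example, not part of this document or of the IBM Security Directory Server product; it assumes hypothetical user names idsinst (directory server instance owner) and db2inst (database instance owner) and runs against constructed passwd and group records embedded in the script, so it works offline.

```sh
#!/bin/sh
# Preflight check for the AIX/Linux/Solaris requirements listed above.
# Hypothetical names: idsinst = directory server instance owner,
# db2inst = database instance owner. The passwd/group records below are
# constructed sample data so the script runs offline (needs POSIX awk).
PASSWD_DATA='root:x:0:0:root:/root:/bin/sh
idsinst:x:1001:1001::/home/idsinst:/usr/bin/ksh
db2inst:x:1002:1001::/home/db2inst:/usr/bin/ksh'
GROUP_DATA='root:x:0:
idsldap:x:1000:root,idsinst,db2inst
dbgrp:x:1001:root'

# primary_gid USER: numeric primary GID from the passwd records
primary_gid() { printf '%s\n' "$PASSWD_DATA" | awk -F: -v u="$1" '$1==u {print $4}'; }
# login_shell USER: login shell field from the passwd records
login_shell() { printf '%s\n' "$PASSWD_DATA" | awk -F: -v u="$1" '$1==u {print $7}'; }
# group_name_by_gid GID: group name for a numeric GID
group_name_by_gid() { printf '%s\n' "$GROUP_DATA" | awk -F: -v g="$1" '$3==g {print $1}'; }

# is_member USER GROUP: succeeds if GROUP is USER's primary group or lists USER
is_member() {
  gid=$(printf '%s\n' "$GROUP_DATA" | awk -F: -v g="$2" '$1==g {print $3}')
  [ -n "$gid" ] || return 1
  [ "$(primary_gid "$1")" = "$gid" ] && return 0
  printf '%s\n' "$GROUP_DATA" | awk -F: -v g="$2" -v u="$1" '
    $1==g { n=split($4, m, ","); for (i=1; i<=n; i++) if (m[i]==u) found=1 }
    END { exit found ? 0 : 1 }'
}
# home_mode_ok MODE: octal mode must grant rwx to owner and group (77x)
home_mode_ok() { case "$1" in 77[0-7]) return 0;; *) return 1;; esac; }

# check_requirements OWNER DBOWNER HOMEMODE: report every unmet requirement
check_requirements() {
  owner=$1; dbowner=$2; mode=$3; rc=0
  pg=$(group_name_by_gid "$(primary_gid "$owner")")
  is_member root "$pg" || { echo "FAIL: root is not in $owner's primary group $pg"; rc=1; }
  is_member root idsldap || { echo "FAIL: root is not in idsldap"; rc=1; }
  for u in "$owner" "$dbowner"; do
    is_member "$u" idsldap || { echo "FAIL: $u is not in idsldap"; rc=1; }
    [ "$(login_shell "$u")" = /usr/bin/ksh ] || { echo "FAIL: $u login shell is not /usr/bin/ksh"; rc=1; }
  done
  dbpg=$(group_name_by_gid "$(primary_gid "$dbowner")")
  is_member "$owner" "$dbpg" || { echo "FAIL: $owner is not in $dbowner's primary group $dbpg"; rc=1; }
  home_mode_ok "$mode" || { echo "FAIL: home directory mode $mode lacks rwx for owner and group"; rc=1; }
  [ "$rc" -eq 0 ] && echo "OK: all user and group requirements met"
  return "$rc"
}
```

To check a live host, set PASSWD_DATA and GROUP_DATA to the output of getent passwd and getent group (or the contents of /etc/passwd and /etc/group) and pass the octal mode of the owner's home directory (for example from stat -c %a on Linux) to check_requirements.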

Examples

To create an instance owner that meets the requirements for a directory server instance owner, you can run the idsadduser command. The idsadduser command is in the sbin subdirectory of the IBM® Security Directory Server installation location.
Example 1:
To create a user account on AIX, Linux, or Solaris with the following values, run the idsadduser command:
  • User name: JoeSmith
  • Primary group: employees
  • Home directory: /home/joe (On Solaris, use /export/home/joe)
  • Password: joespw
idsadduser -u JoeSmith -g employees -l /home/joe -w joespw
Example 2:
To create a user account as a member of the Administrators group on Windows with the following values, run the idsadduser command:
  • User name: JoeSmith
  • Password: joespw
idsadduser -u JoeSmith -w joespw