One of the reasons db2start and db2stop need to be setuid-root is so
that you do not need to be the instance owner to start/stop the
instance. As long as you're a member in the SYSMAINT_GROUP (dbm
config param), you can issue the db2start/db2stop command, and the
start/stop code will verify the user is authorized to run the command,
then switch over to run as the instance-owning ID. There are also a
few other things done during db2start that require root, like setting
up ulimits, privileges, etc.
If you want to get away from setuid-root files, there's a new non-root
feature in 9.5. Using a non-root install, those files will be
setuid-instance_owner, instead of setuid-root. There are some
limitations to non-root instances though - search for 'non-root' in
the 9.5 Information Center (or google 'non-root DB2') for more details.
Cheers,
Liam.
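
To check which case an installation is in, the following added example (not part of the original post and not IBM code) walks a directory and reports every setuid file with its owner and any risky permission bits. The function name, the note labels and the directory argument are assumptions; pass whichever directory holds the binaries you want to audit.

```python
import os
import stat
import sys


def audit_setuid(root):
    """Return (path, owner_uid, mode_string, notes) for each setuid file under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: never follow symlinks out of the tree
            if not stat.S_ISREG(st.st_mode) or not st.st_mode & stat.S_ISUID:
                continue
            # setuid-root is the root-install case; any other owner matches
            # the non-root install described in the post.
            notes = ["setuid-root" if st.st_uid == 0 else "setuid-non-root"]
            # A setuid file that group/other can modify gives away its owner's identity.
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                notes.append("group/world-writable")
            # If anyone may execute it, the program's own authorization check
            # (group membership, in the post's description) is the only gate.
            if st.st_mode & stat.S_IXOTH:
                notes.append("executable-by-anyone")
            findings.append((path, st.st_uid, stat.filemode(st.st_mode), notes))
    return sorted(findings)


if __name__ == "__main__":
    # The directory to audit is supplied by the operator on the command line.
    for path, uid, mode, notes in audit_setuid(sys.argv[1]):
        print(f"{mode} uid={uid} {path} [{', '.join(notes)}]")
```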