3 non-root/non-administrator installation – IBM Data Server DB2 User Manual
Page 46
32
DB2 Deployment Guide
Administration server user
DB2 Administration server (DAS) provides support for DB2 GUI tools and other
administrative tasks, such as Control Center, Configuration Assistant, and Task
Center. Each physical operating system can have only one DAS created.
Windows security
For Windows environments, an instance owner user and an administration
server user are required for a typical DB2 server deployment.
DB2 products provides extended Windows security features since the DB2
Version 8.2. It is used to protect DB2 files on the Windows system. It does not
change the authentication mechanism. Two additional groups are created in
Windows: DB2USERS and DB2ADMNS. Only users who belong to these groups
have access to the DB2 files on system. This security feature is enabled by
default during the product installation, but group names can be changed.
2.1.3 Non-root/non-Administrator installation
In the past, the root/Administrator account has been the only user who could
perform DB2 product installation and other related tasks such as applying fix
packs and configuring instances. DB2 9.5 introduces the non-root/
non-Administrator installation option for UNIX, Linux, and Windows platforms. It
allows you to install DB2 products without root/Administrator privilege, providing
convenience to application developers, system administrators, and database
administrators.
Non-root installation on UNIX/Linux
Since non-root installation can be performed by someone who does not have
root privilege, it can reduce the system administrator’s time. It is also a more
attractive option for the application developer who normally does not have root
privilege. Independent Software Vendors (ISVs) might also prefer non-root
installation when they are deploying applications that do not require root privilege
yet embed a DB2 product.
Note: The DB2 server side trace should be taken locally in a Windows
environment when it has the extended Windows security feature enabled.
Otherwise, only the application request (AR) function would be traced and
application server (AS) functions will be absent in the trace.