Fixes are available
DB2 Version 9.7 Fix Pack 1 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 2 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 3 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 3a for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 4 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 5 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 6 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 7 for Linux, UNIX, and Windows
DB2 Version 9.7 Fix Pack 8 for Linux, UNIX, and Windows
APAR status
Closed as program error.
Error description
In V9.5 we have introduced the integrated high Availability (HA) solution with TSA. This scripts is automatically installed inside the /usr/sbin/rsct/sapolicies/db2 directory. However the files when installed have incorrect file permissions and authorization. Here's the list of files installed... $ ls -ltr /usr/sbin/rsct/sapolicies/db2 total 112 -r-xr-xr-x 1 18597 7777 1312 Aug 27 2007 lockreqprocessed -r-xr-xr-x 1 18597 7777 3617 Aug 27 2007 hadrV95_stop.ksh -r-xr-xr-x 1 18597 7777 3621 Aug 27 2007 hadrV95_start.ksh -r-xr-xr-x 1 18597 7777 2926 Jan 21 2008 db2V95_monitor.ksh -r-xr-xr-x 1 18597 7777 5377 Feb 14 2008 db2V95_start.ksh -r-xr-xr-x 1 18597 7777 4615 Feb 22 2008 mountV95_monitor.ksh -r-xr-xr-x 1 18597 7777 4535 Oct 3 2008 hadrV95_monitor.ksh -r-xr-xr-x 1 18597 7777 4906 Jan 5 2009 mountV95_start.ksh -rw-r--r-- 1 root root 199 Sep 11 12:35 spec
Local fix
Current fix is to manually change the file authorizations to be root/root and file permission should be -r-xr-xr-x.
Problem summary
Users Affected : All Problem Description : Security: Incorrect file permission and authorization for HA scripts when installed via V9.5. Problem can also occur in V9.7. Problem Summary : In V9.5 we have introduced the integrated high Availability (HA) solution with TSA. This scripts is automatically installed inside the /usr/sbin/rsct/sapolicies/db2 directory. However the files when installed have incorrect file permissions and authorization. Here's the list of files installed... $ ls -ltr /usr/sbin/rsct/sapolicies/db2 total 112 -r-xr-xr-x 1 18597 7777 1312 Aug 27 2007 lockreqprocessed -r-xr-xr-x 1 18597 7777 3617 Aug 27 2007 hadrV95_stop.ksh -r-xr-xr-x 1 18597 7777 3621 Aug 27 2007 hadrV95_start.ksh -r-xr-xr-x 1 18597 7777 2926 Jan 21 2008 db2V95_monitor.ksh -r-xr-xr-x 1 18597 7777 5377 Feb 14 2008 db2V95_start.ksh -r-xr-xr-x 1 18597 7777 4615 Feb 22 2008 mountV95_monitor.ksh -r-xr-xr-x 1 18597 7777 4535 Oct 3 2008 hadrV95_monitor.ksh -r-xr-xr-x 1 18597 7777 4906 Jan 5 2009 mountV95_start.ksh -rw-r--r-- 1 root root 199 Sep 11 12:35 spec
Problem conclusion
Problem was first fixed in V9.7 FP1.
Temporary fix
Current workaround is to manually change the file authorizations to be root/root and file permission should be -r-xr-xr-x.
Comments
APAR Information
APAR number
IC63959
Reported component name
DB2 FOR LUW
Reported component ID
DB2FORLUW
Reported release
970
Status
CLOSED PER
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2009-10-22
Closed date
2009-12-15
Last modified date
2009-12-15
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Modules/Macros
INSTALL
Fix information
Fixed component name
DB2 FOR LUW
Fixed component ID
DB2FORLUW
Applicable component levels
R970 PSN
UP
Rate this page:
Copyright and trademark information
IBM, the IBM logo and ibm.com are trademarks of International Business Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at www.ibm.com/legal/copytrade.shtml.