Db2 On Premise and Cloud

Expand all | Collapse all

docker image with extra user

  • 1.  docker image with extra user

    Posted Tue September 10, 2019 08:34 AM
    Hi,

    So when I start up the official docker image a db2inst1 user is created automatically and also a database if I want to, which is all great.
    But I do need an additional user that has access to the created database. If I read that correctly DB2 uses host users for user management, so do I have to create a host user in the docker host manually and then assign database privileges to that user?

    Or is there a better way to do that?

    Thanks,
    Sven

    ------------------------------
    Sven Richter
    ------------------------------


  • 2.  RE: docker image with extra user

    Posted Wed September 25, 2019 12:41 PM
    DB2 on Linux can read a pam configuration. You can verify by running  db2set DB2AUTH, it should return OSAUTHDB.

    You will need to create a /etc/pam.d/db2 file with the following contents:

    auth       include      system-auth
    account    include      system-auth
    password   include      system-auth
    session    include      system-auth​
    This will tell DB2 to use the REHL pam.d system-auth configuration.

    Now just create a user in db2 matching username that can log into the server. Then you can log into db2 using that user's credentials.

    You will need to create a user in the dockerfile/swarm yaml. Or create a shell script that creates the user and copy into /var/custom/. This will run the script automatically.

    ------------------------------
    Kevin Chan
    ------------------------------



  • 3.  RE: docker image with extra user

    Posted Wed September 25, 2019 12:41 PM
    You will need to create a user inside the docker container then create a matching user in the db2 instance.

    To do manually:
    1. docker exec [container] bash
    2. useradd -s /bin/bash newuser
    3. passwd newuser
    4. su - ${DB2INSTANCEUSER]
    5. db2 "create user newuser"
    6. run grants as needed

    Now you can log into the database with the newuser credentials.

    ------------------------------
    Kevin Chan
    ------------------------------