AIX Open Source

 View Only

 using sudo command and conect to Db2 database in AIX 7.3

kousuke goto's profile image
kousuke goto posted Fri June 27, 2025 03:49 AM
I have a question about how sudo works in the AIX 7.3
 
We are currently trying to upgrade the system.
After Installing AIX and couple other softwares, We gave it to other team to test it out.
Then, we were told that the sudo command won't work as the current environment.
I'll write the details below.
 
First, here are the sever's version (and Db2's version as well, since it is related to this problem).
Ⅰ.Current Server
IBM Power S922
IBM AIX Standard Edition 7.2.4
IBM Db2 Standard Edition 11.5.4.0
Sudo 1.8 31p1
 
Ⅱ.Upgraded Server
IBM Power S1022s
IBM AIX 7 Standard Edition 7.3.2
IBM Db2 Standard Edition 11.5.9.0
Sudo 1.9.15p5
 
In each envirionments, we executed the following command to connect database using sudo.
(I have to make few things(i.e. user name) vague due to security issue.)
 
$ . /db2/insthome/[INSTANCE]/sqllib/db2profile
 Command Purpose:export db2profile settings to a current user.
 Command result in
  Current Server: export succeed without any errors
  Upgraded Server: export succeed without any errors
 
sudo -u [USER] db2 connect to [DB]
 Command Purpose: connect to DB as a [USER] using sudo
 Command result in
  Current Server: Succeed to Connect to the DB without any errors.
  Upgraded Server: Succeed to Connect to the DB without any errors.
 
sudo -u [USER] db2 "export to /tmp/packages.txt of del select * from syscat.packages"
 Command Purpose: export the table info to a txt file from the DB.
 Command result in
  Current Server: Succeed to Connect to the DB without any errors.
  Upgraded Server: An error occured. Return with SQL1024N(A database connection does not exist).
 
 
I look up at the sudo manual and its release note, but I coudln't find anything related.
 
I also asked this problem to the IBM Db2 software support, and I was told that it's an already known issue.
They said that sometimes when the version of AIX(or ksh inside AIX) is different, it can affect how sudo works.
They also provide me how to avoid this happen.
 
I was wondering if there's a specific way(like configuring sudo setting files or other aix files) to make it work like the current envrionment.
 
Sorry for my poor English. Thank you.
SANGAMESH MALLAYYA's profile image
SANGAMESH MALLAYYA posted Thu July 03, 2025 10:51 AM

Hi Kousuke,

You mentioned it's a known issue and DB2 team provided you workaround to avoid the issue.

Can you provide more information on the known issue and the workaround ?

kousuke goto's profile image
kousuke goto posted Thu July 03, 2025 09:19 PM
Hello Sangamesh,
 
The workaround they provided is in the link below. I'll summarize it below.
(It seems there's only Japanese page for this IBM support document. Maybe it's something local)
https://www.ibm.com/support/pages/db2-su-%E3%82%B3%E3%83%9E%E3%83%B3%E3%83%89%E3%81%8B%E3%82%89-clp-%E3%82%B9%E3%82%AF%E3%83%AA%E3%83%97%E3%83%88%E3%82%92%E5%AE%9F%E8%A1%8C%E3%81%99%E3%82%8B%E6%96%B9%E6%B3%95
 
■About the issue
After using su command, db2 command may fail(SQL1024N) when trying to execute more than two commands.
(The original document refers to "su" command, but Db2 teams says it's an issue of "sudo" command as well.)
 
When multiple db2 commands are executed,whether or not the same shell is used depends on the operating system and the shell being invoked (ksh, bash, etc.). 
And this difference of OS or shell may cause CLP to not work as expected.
 
■Solution
The solution is to make a shell script and execute that shell using sudo command.
 
In my case for example, I want to execute the following db2 command.
sudo -u [USER] db2 connect to [DB]
sudo -u [USER] db2 "export to /tmp/packages.txt of del select * from syscat.packages"
 
So I have to make a shell like this;
--Db2commands.sh--
db2 connect to [DB]
db2 "export to /tmp/packages.txt of del select * from syscat.packages"
 
and then execute this shell using sudo will solve the issue.
$ sudo -u [USER] -c Db2commands.sh
kousuke goto's profile image
kousuke goto posted Tue July 22, 2025 06:04 AM
Hello,
 
I asked this issue to a sudo community, and they give me the answer.
 
The sudo's internal structure has changed, and I have to put this option for sudo to run as the previous version.
--
Defaults !use_pty
--
 
They said that the sudo ver1.9.14 and later version changed how sudo execute the command.
From 1.9.14, the sudo runs the command in a pseudo-terminal by default.
And I have to put the setting in a /etc/sudoers file in order to function as earlier versions.
 
Now it worked just as I expected!

Related Content