sudo

sudo
man sudo
man sudoers

We are currently implementing a SAP landscape which will be using a large-ish number of database servers.
The SAP installer creates a DB2 instance owner of the form db2<SID>.
As we are going to have a large number of servers to administer I wanted:

• A single DBA logon across all servers
  We already use 'oracle' to administer our Oracle instances so 'db2' seemed like a good idea.
• Access to DB2 and SAP commands
• Commands to be logged.

Using sudo lets us do all of that.

1. As root, add these lines to /etc/sudoers using visudo

# Alias for db2 instance user
Runas_Alias    DB = db2inst1
# Allow db2 user to run any command as db2inst1 without entering a password
db2  ALL = (DB) NOPASSWD: ALL

Synax is checked when you save and quit (:wq).
If you see a message like this:

>>> /etc/sudoers: syntax error near line 95 <<<
What now?
Options are:
  (e)dit sudoers file again
  e(x)it without saving changes to sudoers file
  (Q)uit and save changes to sudoers file (DANGER!)

What now?

choose either (e) or (x)., it's not safe to quit and save changes.

2. That's it…
Test it by verifying a backup.

$ sudo -i -u db2inst1 db2ckbkp /u01/db2/db2inst1/sample/backup/SAMPLE.0.db2inst1.NODE0000.CATN0000.20110128050355.001

[1] Buffers processed:  #######

Image Verification Complete - successful.

Note that backup verify is a good test because the db2 backup command creates backup images that are readable only by the instance user, no matter what user ran the backup command.

3. Optionally hide the sudo command by creating an alis

$ alias db2ckbkp='sudo -i -u db2inst1 db2ckbkp'