I have a requirement to run the export command from Java via JDBC. Below is the command I execute:
CALL SYSPROC.ADMIN_CMD('EXPORT TO /tmp/header.csv OF DEL SELECT * FROM MYTABLE');
However, when I SSH into the database server as db2inst1, I see that /tmp/header.csv is owned by the db2fenc1 user, which does not allow me to delete it and gives me only read-only access, as shown below:
[db2inst1@26ea60b7e4a1 /]$ ls -lrt /tmp/header.csv
-rw-r--r-- 1 db2fenc1 db2fadm1 24335 Nov 12 12:25 /tmp/header.csv
May I know how to execute ADMIN_CMD as db2inst1? Or any other workaround?
1 Answer
This is by design; ADMIN_CMD and other fenced routines execute using the fenced user authority in order to protect ("fence") the instance from buggy or malicious code.
Some people set the fenced user to the instance owner ID during the instance creation, which would cause fenced routines to run with the instance owner authority. However, this creates a serious security vulnerability.
It's better to ask your system administrator to allow the instance owner limited sudo or runuser rights to execute the necessary commands as db2fenc1.
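
One way to keep the sudo grant suggested in the answer narrow, as an added example that is not part of the original answer: a single wrapper script that db2inst1 may run as db2fenc1 and that deletes only regular CSV files from one export directory. The script path, the sudoers rule and the `/db2exports` directory are assumptions made for illustration.

```shell
#!/bin/sh
# Hypothetical wrapper, e.g. installed as /usr/local/bin/db2-export-cleanup.
# Assumed sudoers rule granting only this one command (not from the page):
#   db2inst1 ALL=(db2fenc1) NOPASSWD: /usr/local/bin/db2-export-cleanup
# Assumed usage by the instance owner:
#   sudo -u db2fenc1 /usr/local/bin/db2-export-cleanup header.csv

# Assumed dedicated export directory owned by db2fenc1 (instead of shared /tmp).
EXPORT_DIR="${EXPORT_DIR:-/db2exports}"

# remove_export NAME: delete one export file from EXPORT_DIR.
# Returns 0 on success, 2 for a rejected name, 3 for a rejected file type.
remove_export() {
    name="$1"

    # Accept a bare file name only: no path separators, no leading dot
    # (which also rejects ".."), no characters outside a small allowlist.
    case "$name" in
        ""|.*|*[!A-Za-z0-9._-]*) return 2 ;;
    esac

    # Only CSV exports may be removed through this wrapper.
    case "$name" in
        *.csv) ;;
        *) return 2 ;;
    esac

    target="$EXPORT_DIR/$name"

    # Refuse symlinks and anything that is not an existing regular file,
    # so the wrapper cannot be pointed at files outside EXPORT_DIR.
    if [ -L "$target" ] || [ ! -f "$target" ]; then
        return 3
    fi

    rm -f -- "$target"
}

# When invoked with an argument (as under sudo), act on it and exit.
if [ "$#" -gt 0 ]; then
    remove_export "$1"
    exit $?
fi
```

Because the rule names one script rather than `rm` or a shell, the instance owner gains no general ability to act as db2fenc1.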