
Resolving the problem – Security and Users

6.5.1.3 Resolving the problem
If you get the error GLPICR122E (the specified directory, /home/dsrdbm01, does not have read, write, and execute permissions for the directory server instance owner dsproxy), there are four possible solutions:
• Confirm that the root user is a member of the instance owner’s primary group. So, if dsproxy is the instance owner, and idsldap is the primary group of the instance owner, root must also be a member of the idsldap group. The result should be similar to this:
grep -i dsproxy /etc/passwd
dsproxy:x:1003:1003::/home/dsproxy:/bin/ksh
grep -i 1003 /etc/group
sdsadm:x:1003:dsproxy,root
This can then be fixed using:
usermod -a -G idsldap root
The result is checked using:
groups root
The group change is then made and checked with the following commands:
usermod -a -G grrdbm01 dsproxy
groups dsproxy
• We can also confirm that the instance owner's .profile has read, write and execute permission. For example, if the instance owner is called dsproxy and it is a member of the idsldap group, then the permissions and ownership in the instance's home folder can be checked using the command ls -la. This gives a line such as:
-rwxr----- 1 dsproxy dsproxy 183 Feb 16 13:50 .profile
This can then be fixed using:
chmod 766 .profile
Which gives:
-rwxrw-rw- 1 dsproxy dsproxy 183 Feb 16 13:50 .profile
• We can then check that the previous instance is properly removed before re-attempting to run idsicrt. The error can be caused if a previous instance was not completely removed. If the db2 instance is still listed in db2ilist, drop the db2 instance using db2idrop:
cd /opt/ibm/sdsV6.4db2
./instance/db2ilist
Then, if required, use the command:
./instance/db2idrop ldapdb2
Check the /home/dsproxy directory. If any of these directories still exist, they can be manually renamed or removed:
ldap32kcont_ldapdb2
sqllib
ldapdb2
idsslapd-ldapdb2
• Confirm that the /etc/hosts file contains the server's correct name and IP address and that the server can be pinged. (You may need to add a second network card!)
To see the current server hostname, type:
hostnamectl
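
The four checks above can be run read-only before re-attempting idsicrt. The script below is an added example, not part of the original article or of IBM's tooling; the function names and the PASSWD, GROUP and HOSTS override variables are assumptions of the example, and it reads the hostname with uname -n rather than hostnamectl for portability.

```shell
#!/bin/sh
# Added example: read-only checks; PASSWD, GROUP and HOSTS can point at copies.
PASSWD=${PASSWD:-/etc/passwd}
GROUP=${GROUP:-/etc/group}
HOSTS=${HOSTS:-/etc/hosts}

# Print the name of user $1's primary group (GID is field 4 of passwd).
primary_group() {
    gid=$(awk -F: -v u="$1" '$1 == u { print $4; exit }' "$PASSWD")
    [ -n "$gid" ] || return 1
    awk -F: -v g="$gid" '$3 == g { print $1; exit }' "$GROUP"
}

# Succeed if user $1 is in the member list (field 4) of group $2.
in_group() {
    awk -F: -v u="$1" -v g="$2" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit !ok }' "$GROUP"
}

# Succeed if $1/.profile has read, write and execute set for its owner.
profile_ok() {
    [ -n "$(find "$1/.profile" -perm -700 2>/dev/null)" ]
}

# Print the directories a previous instance left behind under home $1.
leftovers() {
    for d in ldap32kcont_ldapdb2 sqllib ldapdb2 idsslapd-ldapdb2; do
        [ -d "$1/$d" ] && echo "$d"
    done
    return 0
}

# Succeed if name $1 appears after the address on a non-comment hosts line.
host_listed() {
    awk -v h="$1" '
        { sub(/#.*/, ""); for (i = 2; i <= NF; i++) if ($i == h) ok = 1 }
        END { exit !ok }' "$HOSTS"
}

# Run every check for instance owner $1 with home $2; one line per finding.
preflight() {
    grp=$(primary_group "$1") || { echo "FAIL: no passwd entry for $1"; return 1; }
    in_group root "$grp" || echo "FAIL: root is not a member of $grp"
    profile_ok "$2" || echo "FAIL: owner lacks rwx on $2/.profile"
    for d in $(leftovers "$2"); do echo "FAIL: leftover $2/$d"; done
    host_listed "$(uname -n)" || echo "FAIL: $(uname -n) not in $HOSTS"
}
```

Source the file and run preflight dsproxy /home/dsproxy; no output means all four checks passed.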
