You should protect the keystore database file and stash
file with strong file system permission. You should also limit read
and write access to these files.
To assign read access to keystore files for appropriate
users:
Protect the keystore database file and stash file with
strong file system permission. You should also limit
read and write access to those files by using the chmod command
on Linux, AIX®, or Solaris. On Windows, you can use the cacls or Icacls command
to grant or delete permission to these files.
Important: If
you do restrict access to the keystore database and stash files, you
must provide the appropriate version of the db2fmp process on DB2® or the extproc process on Oracle.
These processes enable read access for appropriate users. On Linux, AIX, or Solaris, the user ID that runs the db2fmp
program is the DB2 fenced user
ID. This ID corresponds to the DB2 instance
in which the library server database was created. The user ID of the
Oracle extproc process is the user ID that started Oracle listener.
On Windows, to determine
the user ID that runs db2fmp or extproc, use Windows Task Manager to view the User
Name column entry for the program. On DB2, the db2fmp program has 32-bit and 64-bit
versions. In Linux, AIX, or Solaris 64-bit environments,
these versions of the program are named db2fmp32 and db2fmp.
In Windows 64-bit environments,
these versions of the program are named db2fmp.exe and db2fmp64.exe.
