DB2 - Problem description
Problem IC75539 | Status: Closed |
WHEN DB2 AUDIT IS ENABLED, RUNNING A SETUID APPLICATION COULD RESULT IN AUDIT LOGGING FAILURE | |
product: | |
DB2 FOR LUW / DB2FORLUW / 970 - DB2 | |
Problem description: | |
When logging an audit event on the client side, if the application triggering the audit event is a setuid executable, it's possible for the audit operation to fail if the effective user ID and real user ID of the application are different. The failure is due to how DB2 handles client-side audit events internally. If DB2 audit is enabled, and such an application is run, you will see the following entries in the db2diag.log file: 2011-01-18-21.02.56.810052-360 E149233A416 LEVEL: Error (OS) PID : 4032 TID : 1 PROC : db2aud INSTANCE: db2instv NODE : 000 EDUID : 1 FUNCTION: DB2 UDB, oper system services, sqlorqueInternal, probe:9 MESSAGE : ZRC=0x870F00BB=-2029059909=SQLO_QUE_NO_ACCESS "do not have the access right" CALLED : OS, -, msgrcv OSERR : EACCES (13) "Permission denied" 2011-01-18-21.02.56.811897-360 I149650A382 LEVEL: Error PID : 4032 TID : 1 PROC : db2aud INSTANCE: db2instv NODE : 000 EDUID : 1 FUNCTION: DB2 UDB, bsu security, sqlex_db2aud_main, probe:170 MESSAGE : ZRC=0x870F00BB=-2029059909=SQLO_QUE_NO_ACCESS "do not have the access right" DATA #1 : Hex integer, 4 bytes The db2hpu utility has been known to run into this problem, when run as a non-instance owner user. | |
Problem Summary: | |
**************************************************************** * USERS AFFECTED: * * db2 audit users * **************************************************************** * PROBLEM DESCRIPTION: * * See problem description. * **************************************************************** * RECOMMENDATION: * * Fixed in V97 FP5 * **************************************************************** | |
Local Fix: | |
available fix packs: | |
DB2 Version 9.7 Fix Pack 5 for Linux, UNIX, and Windows | |
Solution | |
Fixed in V97 FP5 | |
Workaround | |
not known / see Local fix | |
Timestamps | |
Date - problem reported : Date - problem closed : Date - last modified : | 04.04.2011 08.12.2011 08.12.2011 |
Problem solved at the following versions (IBM BugInfos) | |
9.7.FP5 | |
Problem solved according to the fixlist(s) of the following version(s) | |
9.7.0.5 |