Can the default UNIX service accounts be disabled.

I was wondering if the accounts on a AIX box db2inst1, db2fenc1, and db2as can be disabled?  I figured since these are generic accounts they should be disabled for security purposes, however, I'm not sure if they are required for the system to run or not.

Who is Participating?
gheistConnect With a Mentor Commented:
these accounts are required to run db2 database, just like oracle for oracle or informix for informix. do not blindly disable them. if you are 100% sure you do not use db2, then you have option to deinstall it ( but be very  careful). You can disable remote logins for them or damage password string to efficiently prevent remote login, but not much more.
As far as I'm aware, they aren't  "system" accounts - More likely they are generic Database users (IBMs db2 database?) so you would need to check with a DBA

It may be that you can disable logins or lock them, but I wouldn't delete them without checking.
Actually, there's a specific DB2 area -
cpc2004Connect With a Mentor Commented:
db2fenc1 is a userid under which you can run stored procedures and user defined functions; db2inst1 is the instance owner to call a stored procedure. d2fenc1 and db2inst1 can be replaced by another userid. In my installation, we don't have userid db2inst1. You can remove userid db2inst1 and db2fenc1 but db2as is the db2 adminstrator. It had better to keep db2as as during db2 installation userid db2as is the default userid of DB2 Adminstrator.

When I install Db2 version 8, the db2 adminstrator is db2asv8 because I have both version 7 and 8 running in the same system, You can use any userid as DB2 adminstrator during DB2 installation. Don't change userid of DB2 adminstrator at a production environment.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.