I'm a fairly new AIX admin (disclaimer).
We have SQL scripts written by end users that use a userid and passwd to connect to our DB2 database.
Is it possible to create an "input file" that contains the db2 connect parameters and yet secure the file from the SQL creator?
i.e., they can "use" the password file, but can't "read" it.
Or is there a better way to skin this cat? (no offfense cat lovers!)
You could write a setuid wrapper client that as root or an admin account can relate their local login to the file owned and only readable by the admin account. What sorts of clients do they use? Command line only, gui?
Sharing an id is not a good idea. Is there still authentication?
You could give them a web service, and the web server only would access the file.
Currently is is only aix command line. Here's some detail:
less qry1.sql
db2 -f pswd
db2 -x "select ...............from............" > extract.out
less pswd
connect to db test user userid using password
-----------------------------------------------------------------------
I want to protect unauthorized aix cmd line users from viewing the pswd file, but need it to be "usable" by the qry.sql script.
Should I just chown for all the sql scripts so the users can't look at them, or is there a way to allow them rwx on their sql scripts, but not the pswd file?
BTW, thanks for your response.