Error on Installation of DB2 /tmp/…: Permission Denied

I haven’t actually personally installed DB2 in about a year. We scripted it out, and I’ve been spoiled to just use the script. But now we have a custom server that varies enough from our standards that I’m installing it manually. The OS is Red Hat 6.2.

db2_install or db2setup

So today when I went to install, I got this error:

 /opt/media/x86_64/DB2/ese/db2/linuxamd64/install/db2setup: line 484: /tmp/db2.tmp.5703/db2/linuxamd64/install//db2chgpath: Permission denied
/opt/media/x86_64/DB2/ese/db2/linuxamd64/install/db2setup: line 815: /tmp/db2.tmp.5703/db2/linuxamd64/install//db2setup_exec: Permission denied
/opt/media/x86_64/DB2/ese/db2/linuxamd64/install/db2setup: line 815: exec: /tmp/db2.tmp.5703/db2/linuxamd64/install//db2setup_exec: cannot execute: Permission denied

It actually sounded pretty straight forward, but I was logged in as root, which should have permssions on everything. When I checked the permissions on /tmp they were pretty wide open.

It didn’t take much time searching to discover the issue, and there are other sources for the solution than my blog, but I thought I’d share it with my readers. Interestingly enough, I ran into the exact error above (including file names) when using both db2_install and db2setup. I also ran into similar errors with similar solutions on both installFixPack and db2_deinstall.

Mabye I’m just late to the game, as I remember someone asking me if I had edited the install scripts at the conference and being just baffled as to why I would ever have to do that. I guess I know now. In any case, the solution is to create your own TMP directory somewhere else. In my case, I ran:

mkdir /db2home/db2inst1/tmp

I then had to go and edit the file it referred to – in the case of the error above, ‘/opt/media/x86_64/DB2/ese/db2/linuxamd64/install/db2setup’ to specify the different path. There’s a variable in there called TMPDIR, and it looks like this:

TMPDIR=${DB2TMPDIR:-/tmp}

I changed that to:

TMPDIR=${DB2TMPDIR:-/db2home/db2inst1/tmp}

When I executed the db2_install again, it was successful.

installFixPack

The error I got for the installFixPack was:

/opt/media/x86_64/DB2/universal/db2/linuxamd64/install/installFixPack: line 249: /tmp/db2.tmp.20614/db2/linuxamd64/install//db2chgpath: Permission denied
/opt/media/x86_64/DB2/universal/db2/linuxamd64/install/installFixPack: line 997: /tmp/installFixPack_exec.20614: Permission denied
/opt/media/x86_64/DB2/universal/db2/linuxamd64/install/installFixPack: line 997: exec: /tmp/installFixPack_exec.20614: cannot execute: Permission denied 

In that case, the same edits were needed to ‘/opt/media/x86_64/DB2/universal/db2/linuxamd64/install/installFixPack’.

db2_deinstall

And the final case where I ran into the issue was with db2_deinstall. That one looked like this:

/opt/ibm/db2/V9.7/install/db2_deinstall: line 1037: /tmp/db2_deinstall_exec.25903: Permission denied
/opt/ibm/db2/V9.7/install/db2_deinstall: line 1037: exec: /tmp/db2_deinstall_exec.25903: cannot execute: Permission denied 

In that case, the file to edit was ‘>/opt/ibm/db2/V9.7/install/db2_deinstall’. The interesting thing about db2_deinstall was that it had not just one but two places where I had to make the same change within the script before it worked.

But, Why?

The entire reason this error occurs is because in some cases, /tmp is mounted with ‘noexec’, which means that no matter what the filesystem permissions look like, no one, including root, can execute things from there. This is a security feature. DB2 is apparently unusual in that it copies things to /tmp before executing them when it is being installed.

If you want more information on the security advantages of mounting /tmp with noexec, check out this discussion: http://serverfault.com/questions/72356/how-useful-is-mounting-tmp-noexec