One of the reasons db2start and db2stop need to be setuid-root is so
that you do not need to be the instance owner to start/stop the
instance. As long as you're a member in the SYSMAINT_GROUP (dbm
config param), you can issue the db2start/db2stop command, and the
start/stop code will verify the user is authorized to run the command,
then switch over to run as the instance-owning ID. There are also a
few other things done during db2start that require root, like setting
up ulimits, privileges, etc.
If you want to get away from setuid-root files, there's a new non-root feature in 9.5. Using a non-root install, those files will be setuid- instance_owner, instead of setuid-root. There are some limitations to non-root instances though - search for 'non-root' in the 9.5
Information Center (or google 'non-root DB2') for more details.
Cheers,
Liam.

Wow, 12 years later I find this post which answer both of my questions at the same time!
- where the heck db2sysc process is getting ~65k nofile ulimit from
(I already found that db2start has a setuid and root ownership so I was suspecting this has to be it but wasn't sure it would do it on it's own.I was about to start stracing db2start but though I would try to google this first)
- db2stop also has setuid bit and it has "execute" for anyone so I wanted to know if there are other ways db2 is making sure that user is authorized to stop the database (sysmaing_group)

thanks! Internet gives immortality ;)

Gregory

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)