Skip to main content

Limiting RUNMQSC authority for certain users - Middleware News

Limiting RUNMQSC authority for certain users - Middleware News


You want to provide limited access to RUNMQSC for non-mqm users. You want to make sure that they can only DISPLAY information about a queue manager and the queue manager's objects.

Cause

WebSphere MQ is configured so that only "mqm" users can use runmqsc. The runmqsc program is shipped with the following permission settings:

-r-sr-s--- 1 mqm mqm

Resolving the problem

Create a non mqm user

setmqaut -m -t qmgr -p +dsp +connect

Create a copy of runmqsc with execute permission set to all. When the permissions are changed to -r-sr-sr-x this means any user can run runmqsc but when it runs, it runs as user mqm, group mqm due to the Set-user-ID-on-execution and Set-group-ID-on-execution permissions.

cd /var/mqm/qmgrs//@ipcc
chmod +r AMQCLCHL.TAB
chmod +r AMQRFCDA.DAT
Labels:

Comments

  1. UnknownAugust 25, 2013 at 11:09 AM

    If you do this, you are giving full MQ admin rights to everybody. Watch out from whom you're taking advice, esp. online.

    @Karthick: you shouldn't be volunteering advice if you don't know your ass from a hole in the ground.

    ReplyDelete

Post a Comment

adsrerrapop

Popular posts from this blog

IBM Websphere MQ interview Questions Part 5

MQ Series: - It is an IBM web sphere product which is evolved in 1990’s. MQ series does transportation from one point to other. It is an EAI tool (Middle ware) VERSIONS:-5.0, 5.1, 5.3, 6.0, 7.0(new version). The currently using version is 6.2 Note: – MQ series supports more than 35+ operating systems. It is platform Independent. For every OS we have different MQ series software’s. But the functionality of MQ series Default path for installing MQ series is:- C: programfiles\BM\clipse\SDK30 C: programfiles\IBM\WebsphereMQ After installation it will create a group and user. Some middleware technologies are Tibco, SAP XI. MQ series deals with two things, they are OBJECTS, SERVICES. In OBJECTS we have • QUEUES • CHANNELS • PROCESS • AUTHENTICATION • QUERY MANAGER. In SERVICES we have LISTENERS. Objects: – objects are used to handle the transactions with the help of services. QUEUE MANAGER maintains all the objects and services. QUEUE: – it is a database structure ...
139 comments
Read more

IBM Websphere MQ Reason code list / mq reason codes / websphere mq error codes / mq error messages

Reason code list ================= The following is a list of reason codes, in numeric order, providing detailed information to help you understand them, including: * An explanation of the circumstances that have caused the code to be raised * The associated completion code * Suggested programmer actions in response to the code * 0 (0000) (RC0): MQRC_NONE * 900 (0384) (RC900): MQRC_APPL_FIRST * 999 (03E7) (RC999): MQRC_APPL_LAST * 2001 (07D1) (RC2001): MQRC_ALIAS_BASE_Q_TYPE_ERROR * 2002 (07D2) (RC2002): MQRC_ALREADY_CONNECTED * 2003 (07D3) (RC2003): MQRC_BACKED_OUT * 2004 (07D4) (RC2004): MQRC_BUFFER_ERROR * 2005 (07D5) (RC2005): MQRC_BUFFER_LENGTH_ERROR * 2006 (07D6) (RC2006): MQRC_CHAR_ATTR_LENGTH_ERROR * 2007 (07D7) (RC2007): MQRC_CHAR_ATTRS_ERROR * 2008 (07D8) (RC2008): MQRC_CHAR_ATTRS_TOO_SHORT * 2009 (07D9) (RC2009): MQRC_CONNECTION_BROKEN * 2010 (07DA) (RC2010): MQRC_DATA_LENGTH_ERROR * 2011 (07DB) (RC2011): MQRC_DYNAMIC_Q_NAME_ERROR * 2012 (07DC) (RC201...
2 comments
Read more

Installing IBM Integration Bus on Linux - Middleware News

Before you begin Check the readme.html file for any updates to these installation instructions; see the product readmes web page. Check that you have enough memory and disk space; see IBM Integration Bus system requirements. Check that you have completed any prerequisite steps; see Preparing the system. If you are using Red Hat Linux 6.5 with WebKitGTK version webkitgtk.x86_64 1.2.6-5.el6, complete the steps in the following topic to work around problems with the Eclipse SWT browser: IBM Integration Toolkit on RedHat 6.5 crashes with "JVM terminated. Exit code=160" error. If you are using Red Hat Linux 6.x or 7.x, you might need the GTK2 32-bit drivers installed on Linux; for more information, see IBM Integration Toolkit on Linux becomes unresponsive after opening a DFDL or XSD file. If you are using Red Hat Linux 7.1, complete the steps in the following topic to work around problems with the Eclipse SWT browser: Internal web browser in IBM Integration Toolkit ...
19 comments
Read more