ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » Unable to give sudo access to 'mqsi' commands

Post new topic  Reply to topic
 Unable to give sudo access to 'mqsi' commands « View previous topic :: View next topic » 
Author Message
venkat126
PostPosted: Thu Dec 16, 2010 9:09 am    Post subject: Unable to give sudo access to 'mqsi' commands Reply with quote

Novice

Joined: 23 Aug 2010
Posts: 22
WMB 7, MQ 7, SUSE Linux Enterprise Server 11.

My manager doesn't want me to give out the service user id for broker to the Development team or add their ids to the mqbrkrs group.
So, we tried to give the developers access to some 'mqsi' commands, like mqsilist, mqsichangetrace, etc. by using sudo.
However, even after sudo access is given to these ids to execute the mqsi commands (as the service id), they are not able to execute the commands.

A few screenshots.
Here, e111111 is a dummy developer id. mbadmin is the broker service id.

e111111@dev2:~> sudo -l
User e111111 may run the following commands on this host:
(mbadmin) NOPASSWD: SETENV: /app/mqsi/7.0/bin/mqsilist

e111111@dev2:~> sudo -u mbadmin /app/mqsi/7.0/bin/mqsilist
/app/mqsi/7.0/bin/mqsilist: error while loading shared libraries: libImbCmdLib.so: cannot open shared object file: No such file or directory

e111111@dev2:~> sudo -u mbadmin -i /app/mqsi/7.0/bin/mqsilist
e111111's password:
Sorry, user e111111 is not allowed to execute '/bin/bash /app/mqsi/7.0/bin/mqsilist' as mbadmin on dev2.

Any suggestions?
Back to top
View user's profile Send private message
Vitor
PostPosted: Thu Dec 16, 2010 9:24 am    Post subject: Re: Unable to give sudo access to 'mqsi' commands Reply with quote

Grand High Poobah

Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
venkat126 wrote:
e111111@dev2:~> sudo -u mbadmin /app/mqsi/7.0/bin/mqsilist
/app/mqsi/7.0/bin/mqsilist: error while loading shared libraries: libImbCmdLib.so: cannot open shared object file: No such file or directory


The user has authority, but doesn't have the correct mqsiprofile dotted (or whatever it is in v7)

venkat126 wrote:
e111111@dev2:~> sudo -u mbadmin -i /app/mqsi/7.0/bin/mqsilist
e111111's password:
Sorry, user e111111 is not allowed to execute '/bin/bash /app/mqsi/7.0/bin/mqsilist' as mbadmin on dev2.


I'm not familiar with the -i parameter but it appears to be spinning up a new bash, which the user isn't allowed to do as mbadmin.
_________________
Honesty is the best policy.
Insanity is the best defence.
Back to top
View user's profile Send private message
zpat
PostPosted: Thu Dec 16, 2010 9:30 am    Post subject: Reply with quote

Jedi Council

Joined: 19 May 2001
Posts: 5866
Location: UK
just issue the sudo command - don't start a new shell.
Back to top
View user's profile Send private message
mqjeff
PostPosted: Thu Dec 16, 2010 9:37 am    Post subject: Reply with quote

Grand Master

Joined: 25 Jun 2008
Posts: 17447
Code:
sudo -u mbadmin "/app/mqsi/7.0/bin/mqsiprofile;/app/mqsi/7.0/bin/mqsilist"
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » WebSphere Message Broker (ACE) Support » Unable to give sudo access to 'mqsi' commands
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.