| Author |
Message
|
| RaviKrG |
 Posted: Sat Jan 17, 2009 2:34 am Post subject: Permission of mq commands on solaris changed |
 |
|
Master
Joined: 07 Sep 2008
Posts: 240
|
Hi, We have installed mq on solaris and it was all working fine but since last two days we are not able to run any mq commands. Not even dspmq, runmqsc or any other
when we try to run any command we get the error "/usr/bin/dspmq: Permission denied"
When we checked the permissions in the path /opt/mqm/bin we found
-rwSr-x--- 1 mqm bin 23344 May 20 2005 dspmqver
-rwSr-x--- 1 mqm bin 10768 May 20 2005 mqver
-rwSr-x--- 1 mqm bin 301456 May 20 2005 amqzxma0_nd
-r-sr-x--- 1 mqm bin 292800 May 20 2005 crtmqm
-rwSr-x--- 1 mqm bin 69992 May 20 2005 dltmqm_nd
-rwxrwxrwx 1 mqm bin 50096 May 20 2005 endmqm
-rwxrwxrwx 1 mqm bin 258328 May 20 2005 strmqm
-rwSr-x--- 1 mqm bin 50152 May 20 2005 setmqprd
-rwSr-x--- 1 mqm bin 27896 May 20 2005 amqzslf0
-rwSr-x--- 1 mqm bin 35856 May 20 2005 dspmqaut
-rwSr-x--- 1 mqm bin 36512 May 20 2005 setmqaut
-rwSr-x--- 1 mqm bin 39152 May 20 2005 dmpmqaut
-rwSr-x--- 1 mqm bin 30928 May 20 2005 rsvmqtrn
-rwSr-x--- 1 mqm bin 36936 May 20 2005 dspmqtrn
-rw-r-xr-x 1 mqm bin 175840 May 20 2005 dspmq
-rwSr-x--- 1 mqm mqm 114440 May 20 2005 amqzmgr0
-rwSr-x--- 1 mqm mqm 54216 May 20 2005 amqzmur0
-rwSr-x--- 1 mqm mqm 72704 May 20 2005 amqzmuc0
-rwSr-x--- 1 mqm bin 32344 May 20 2005 runmqtrm
-rwSr-x--- 1 mqm bin 32328 May 20 2005 runmqtmc
and when checked the path /usr/bin we found
lrwxrwxrwx 1 root other 21 Nov 13 15:37 dspmqtrn -> /opt/mqm/bin/dspmqtrn
lrwxrwxrwx 1 root other 21 Nov 13 15:37 dspmqrte -> /opt/mqm/bin/dspmqrte
lrwxrwxrwx 1 root other 21 Nov 13 15:37 dspmqfls -> /opt/mqm/bin/dspmqfls
lrwxrwxrwx 1 root other 21 Nov 13 15:37 dspmqcsv -> /opt/mqm/bin/dspmqcsv
lrwxrwxrwx 1 root other 21 Nov 13 15:37 dspmqbrk -> /opt/mqm/bin/dspmqbrk
lrwxrwxrwx 1 root other 21 Nov 13 15:37 dspmqaut -> /opt/mqm/bin/dspmqaut
lrwxrwxrwx 1 root other 18 Nov 13 15:37 dspmq -> /opt/mqm/bin/dspmq
lrwxrwxrwx 1 root other 21 Nov 13 15:37 dmpmqlog -> /opt/mqm/bin/dmpmqlog
lrwxrwxrwx 1 root other 21 Nov 13 15:37 dmpmqaut -> /opt/mqm/bin/dmpmqaut
lrwxrwxrwx 1 root other 19 Nov 13 15:37 dltmqm -> /opt/mqm/bin/dltmqm
lrwxrwxrwx 1 root other 21 Nov 13 15:37 dltmqbrk -> /opt/mqm/bin/dltmqbrk
lrwxrwxrwx 1 root other 19 Nov 13 15:37 crtmqm -> /opt/mqm/bin/crtmqm
lrwxrwxrwx 1 root other 21 Nov 13 15:37 crtmqcvx -> /opt/mqm/bin/crtmqcvx
lrwxrwxrwx 1 root other 21 Nov 13 15:37 clrmqbrk -> /opt/mqm/bin/clrmqbrk
lrwxrwxrwx 1 root other 21 Nov 13 15:37 amqzxma0 -> /opt/mqm/bin/amqzxma0
lrwxrwxrwx 1 root other 21 Nov 13 15:37 amqzslf0 -> /opt/mqm/bin/amqzslf0
lrwxrwxrwx 1 root other 21 Nov 13 15:37 amqzlwa0 -> /opt/mqm/bin/amqzlwa0
lrwxrwxrwx 1 root other 21 Nov 13 15:37 amqzlsa0 -> /opt/mqm/bin/amqzlsa0
lrwxrwxrwx 1 root other 21 Nov 13 15:37 amqzllp0 -> /opt/mqm/bin/amqzllp0
We are login to the machine with the mqm user id. Can you please tell what can be the issue here. |
|
| Back to top |
|
 |
| fjb_saper |
| Posted: Sat Jan 17, 2009 2:47 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
I believe the sticky bit you have is on the wrong side...
It should show
rwxr-s-r--
And who set strmqm and endmqm to be writable by all, and executable by all?
in my solaris directory most show up with
r-sr-s--- mqm:mqm
Get a trout  and hit the over security concious person who did that to you over the head with.
Have fun 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| RaviKrG |
| Posted: Sat Jan 17, 2009 2:53 am Post subject: |
|
|
Master
Joined: 07 Sep 2008
Posts: 240
|
Thanks fjb,
I found those and I think somebody has changed these permission but who has done and why I have no idea.
at present can you please tell how can I get rid of these so that I can have the proper permissions of the command to be run |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Sat Jan 17, 2009 2:56 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| RaviKrG wrote: |
Thanks fjb,
I found those and I think somebody has changed these permission but who has done and why I have no idea.
at present can you please tell how can I get rid of these so that I can have the proper permissions of the command to be run |
The symbolic links are fine.
For the rest my octal is quite rusty so I usually use this:
chmod u-S *
chmod o-w *
chmod ug+rx *
chmod ug+rs *
NOTE to get a true lower case s the permission should already show x.
Have fun
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| RaviKrG |
| Posted: Sat Jan 17, 2009 3:05 am Post subject: |
|
|
Master
Joined: 07 Sep 2008
Posts: 240
|
Thanks fjb,
I have changed for dspmq
bash-2.05$ ls -ltr dspmq
-rwsr-xr-x 1 mqm bin 175840 May 20 2005 dspmq
Is this right or I need to make any other changes as this is working now.
But I am not sure whether I need to change the permission of all the commnads in /opt/mqm/bin like above |
|
| Back to top |
|
|
| RaviKrG |
| Posted: Sat Jan 17, 2009 3:11 am Post subject: |
|
|
Master
Joined: 07 Sep 2008
Posts: 240
|
Also I have found the permission on another system with same environment as
-r-sr-s--- 1 mqm mqm 35768 Mar 7 2007 dspmqaut
-r-sr-s--- 1 mqm mqm 36192 Mar 7 2007 setmqaut
-r-sr-s--- 1 mqm mqm 39080 Mar 7 2007 dmpmqaut
-r-sr-s--- 1 mqm mqm 30864 Mar 7 2007 rsvmqtrn
-r-sr-s--- 1 mqm mqm 36864 Mar 7 2007 dspmqtrn
-r-sr-sr-x 1 mqm mqm 175800 Mar 7 2007 dspmq |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Sat Jan 17, 2009 3:14 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
try
chmod ug+rs,o+rx dspmq
and run it after that.
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| RaviKrG |
| Posted: Sat Jan 17, 2009 3:23 am Post subject: |
|
|
Master
Joined: 07 Sep 2008
Posts: 240
|
Thanks fjb, I did the permission chnages as you have said and I got the commands running but I am still trying to find why somebody has to change the commads, and if the commands were not working then WHY ?
Now I have got the permission as
-rwsrwxrwx 1 mqm bin 50096 May 20 2005 endmqm
-rwsrwxrwx 1 mqm bin 258328 May 20 2005 strmqm
-rwsr-x--- 1 mqm bin 50152 May 20 2005 setmqprd
-rwsr-x--- 1 mqm bin 27896 May 20 2005 amqzslf0
-rwsr-x--- 1 mqm bin 35856 May 20 2005 dspmqaut
-rwsr-x--- 1 mqm bin 36512 May 20 2005 setmqaut
-rwsr-x--- 1 mqm bin 39152 May 20 2005 dmpmqaut
-rwsr-x--- 1 mqm bin 30928 May 20 2005 rsvmqtrn
-rwsr-x--- 1 mqm bin 36936 May 20 2005 dspmqtrn
-rwsr-xr-x 1 mqm bin 175840 May 20 2005 dspmq
-rwsr-s--- 1 mqm mqm 114440 May 20 2005 amqzmgr0
-rwsr-s--- 1 mqm mqm 54216 May 20 2005 amqzmur0
-rwsr-s--- 1 mqm mqm 72704 May 20 2005 amqzmuc0
Still I am strugging to get strmqm ans endmqm proper but I am not able to do at present. Trying it out. I think the permission should be
-r-sr-s--- 1 mqm mqm 49936 Mar 7 2007 endmqm
-r-sr-s--- 1 mqm mqm 258608 Mar 7 2007 strmqm
Still I need to do some more work to get my commands be in proper permission |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Sat Jan 17, 2009 3:51 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
for the ones where you have
rws-r-x---
Try
chmod g+s filename
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| RaviKrG |
| Posted: Sat Jan 17, 2009 4:00 am Post subject: |
|
|
Master
Joined: 07 Sep 2008
Posts: 240
|
| Sorry this did not work out. This has not changed the permission |
|
| Back to top |
|
|
| RaviKrG |
| Posted: Sat Jan 17, 2009 4:04 am Post subject: |
|
|
Master
Joined: 07 Sep 2008
Posts: 240
|
Here I am trying to remove "w" but with no success
I think the permission should be
-r-sr-s--- 1 mqm mqm 35768 Mar 7 2007 dspmqaut
but in my case where ever i have "bin" instead of "mqm" the permission is not proper
-rwsr-x--- 1 mqm bin 27896 May 20 2005 amqzslf0 |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Sat Jan 17, 2009 4:24 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
This is what I have:
-r-sr-s--- 1 mqm mqm 20896 Feb 11 2004 amqzslf0
you may have to issue
chgrp mqm amqzslf0
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| RaviKrG |
| Posted: Sat Jan 17, 2009 4:38 am Post subject: |
|
|
Master
Joined: 07 Sep 2008
Posts: 240
|
Thanks fjb, This was done but still I am trying to have "w" removed form the permission of the commands
Thanks. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Sat Jan 17, 2009 5:03 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| RaviKrG wrote: |
Thanks fjb, This was done but still I am trying to have "w" removed form the permission of the commands
Thanks. |
chmod a-w filename
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| RaviKrG |
| Posted: Sat Jan 17, 2009 5:09 am Post subject: |
|
|
Master
Joined: 07 Sep 2008
Posts: 240
|
Thanks fjb this is done but still there are commands which has different permissions as
-r-xr-xr-x 1 mqm mqm 43784 Mar 7 2007 dspmqtrc
and
-r-sr-s--- 1 mqm mqm 18704 Mar 7 2007 runmqsc
now is there a way to distinguish between the command which should have the 1st permission and which should have the second permission.
Also I am still thinking on the issue that what made the person to change the permission here (What could have been the reason that he has played with the permission of these commands.)
Thanks |
|
| Back to top |
|
|
|
|
