| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| usertrace for none mqbrkrs-users |
« View previous topic :: View next topic » |
| Author |
Message
|
| PieterV |
 Posted: Thu Jul 20, 2006 7:03 am Post subject: usertrace for none mqbrkrs-users |
 |
|
Disciple
Joined: 04 Jan 2006
Posts: 164
Location: Belgium
|
regular users of the Message broker aren't in the mqbrkrs group nor in the mqm group.
they should only be able to create, deploy, debug flows.
so for so good.
but i would also like them to be able to trace their flows.
Therefor they should be able to execute the following commands:
| Code: |
$MQSIDIR/mqsireadlog $BROKER -u -e $EG -o unformatted
$MQSIDIR/mqsiformatlog -iunformatted -o trace$EG
$MQSIDIR/mqsichangetrace $BROKER -u -e $EG -r
|
but if they arent in the mqbrkrs group they receive the following errors:
| Code: |
ld.so.1: mqsireadlog: fatal: libImbCmdLib.so: open failed: No such file or directory
Killed
ld.so.1: mqsiformatlog: fatal: libImbCmdLib.so: open failed: No such file or directory
Killed
ld.so.1: mqsichangetrace: fatal: libImbCmdLib.so: open failed: No such file or directory
Killed
|
adding them to the mqbrkrs group is not an option because then they can stop the broker, i don't trust them enough for those priviliges.
letting them run mqsiprofile doesnt work either, i receive the same errors.
Anybody an idea? |
|
| Back to top |
|
 |
| fschofer |
| Posted: Thu Jul 20, 2006 7:41 am Post subject: |
|
|
Knight
Joined: 02 Jul 2001
Posts: 524
Location: Mainz, Germany
|
Hi,
i once wrote some scripts which were executed from the non mqbrkrs users via sudo commands.
Grretings Frank
Sample:
| Code: |
user script:
sudo -u mqsi /export/home/mqsi/mqsichangetrace.ksh " <Brokername> -u -e <EG Name> -f <Flow Name>I -l debug -c 10000 -r "
mqsi script:
. /opt/wmb6/bin/mqsiprofile
/opt/wmb6/bin/mqsichangetrace $1 $2 $3 $4 $5 $6 $7 $8 $9
sudoers:
User_Alias MQSI = userid,userid,
Cmnd_Alias MQSI_MQSICHANGETRACE = /export/home/mqsi/mqsichangetrace.ksh
MQSI_TRACE ALL=(mqsi) NOPASSWD: MQSI_MQSICHANGETRACE |
|
|
| Back to top |
|
|
| ydsk |
| Posted: Thu Jul 20, 2006 12:23 pm Post subject: |
|
|
Chevalier
Joined: 23 May 2005
Posts: 410
|
In v6 you need to use ACLs.
See the documentation for mqsilistaclentry, mqsicreateaclentry, and configmgrproxy.
Group security will not work in v6 though the documentation says otherwise. In fact the documentation is a bit misleading on this front. Don't know if IBM would ever correct it.
Thanks.
ydsk. |
|
| Back to top |
|
|
| PieterV |
| Posted: Sun Jul 23, 2006 10:47 pm Post subject: |
|
|
Disciple
Joined: 04 Jan 2006
Posts: 164
Location: Belgium
|
|
| Back to top |
|
|
| mqmatt |
| Posted: Mon Jul 24, 2006 12:42 am Post subject: |
|
|
Grand Master
Joined: 04 Aug 2004
Posts: 1213
Location: Hursley, UK
|
| ydsk wrote: |
| Group security will not work in v6 though the documentation says otherwise. In fact the documentation is a bit misleading on this front. Don't know if IBM would ever correct it. |
If you migrate a Config Manager from v2.1 or v5, group ACLs are automatically created for the mqbr* groups. And you can create ACLs for your own groups (although on UNIX platforms you need runtime FP01 to make it work).
This said, if you think the docs are misleading, please drop a note to idrcf@hursley.ibm.com (including the topic number(s)), or use the 'Feedback' link at the end of each topic. |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
