MQSeries.net Forum Index » General IBM MQ Support » security question about changing mq files/dirs from 666/777

security question about changing mq files/dirs from 666/777
mikeHT
Posted: Mon Jan 08, 2007 2:08 pm

Voyager

Joined: 01 Jul 2005
Posts: 82

A security audit of MQ 5.3 listed the following directories/files, which are rwx for others. Will there be any impact if I change the permissions of the following files/directories to 664/775? Thank you.


/var/mqm/ipc/qmgr>ls -ld /var/mqm/errors
drwxrwxrwx 2 mqm mqm 4096 Jun 5 2006 /var/mqm/errors

ls -l /var/mqm/qmgrs/qmgr/errors
-rw-rw-rw- 1 mqm mqm 129953 Dec 16 20:55 AMQERR01.LOG
-rw-rw-rw- 1 mqm mqm 256133 Jun 22 2006 AMQERR02.LOG
-rw-rw-rw- 1 mqm mqm 0 Apr 1 2006 AMQERR03.LOG

/var/mqm/qmgrs/@SYSTEM>ls -lt
total 4
drwxrwxrwx 2 mqm mqm 96 Dec 16 20:55 shmem
drwxrwxrwx 2 mqm mqm 96 Feb 16 2006 errors
drwxrwxrwx 2 mqm mqm 96 Feb 15 2006 esem
drwxrwxrwx 2 mqm mqm 96 Feb 15 2006 isem
drwxrwxrwx 2 mqm mqm 96 Feb 15 2006 msem
drwxrwxrwx 2 mqm mqm 96 Feb 15 2006 ssem

/var/mqm/qmgrs/qmgr>ls -lt
drwxrwxrwx 2 mqm mqm 1024 Dec 16 10:55 errors
drwxrwxrwx 2 mqm mqm 96 Apr 1 2006 zsocketapp

ls -ld /var/mqm/ipc/qmgr/@qmpersist/ssem
drwxrwxrwx 2 mqm mqm 96 Feb 22 2006 /var/mqm/ipc/qmgr/@qmpersist/ssem

/var/mqm/ipc/qmgr/@app>ls -lt
total 0
drwxrwxr-x 2 mqm mqm 96 Dec 11 09:35 esem
drwxrwxr-x 2 mqm mqm 96 Dec 11 09:35 isem
drwxrwxr-x 2 mqm mqm 96 Dec 11 09:35 msem
drwxrwxr-x 3 mqm mqm 96 Dec 11 09:35 shmem
drwxrwxr-x 2 mqm mqm 96 Dec 11 09:35 spipe
drwxrwxrwx 2 mqm mqm 96 Dec 11 09:35 ssem
Nigelg
Posted: Tue Jan 09, 2007 1:13 am

Grand Master

Joined: 02 Aug 2004
Posts: 1046

Yes, apps not running under the mqm user ID or group will not work.
_________________
MQSeries.net helps those who help themselves..
Tibor
Posted: Tue Jan 09, 2007 2:24 am

Grand Master

Joined: 20 May 2001
Posts: 1033
Location: Hungary

It worked for me:
http://publib.boulder.ibm.com/infocenter/wasinfo/topic/com.ibm.websphere.base.doc/info/aes/ae/tmj_secmqm.html
jefflowrey
Posted: Tue Jan 09, 2007 2:29 am

Grand Poobah

Joined: 16 Oct 2002
Posts: 19981

Tibor wrote:
It worked for me:
http://publib.boulder.ibm.com/infocenter/wasinfo/topic/com.ibm.websphere.base.doc/info/aes/ae/tmj_secmqm.html


Quote:
Results
This task has restricted access to the /var/mqm directories and log files needed for WebSphere embedded messaging or WebSphere MQ as the JMS provider, such that only the user ID mqm or members of the mqm user group have write access.

_________________
I am *not* the model of the modern major general.
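
Added example, not part of any post above and not IBM's documented procedure: POSIX shell functions that list the world-writable entries under an MQ data directory such as the /var/mqm tree in the first post, show their owner and group, and clear only the others-write bit (777 to 775, 666 to 664), as a dry run by default. The function names are hypothetical. Nigelg's reply states that apps not running under the mqm user ID or group will not work after the change, so review the owner and group columns of the report before applying.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; /var/mqm is the root
# shown in the thread.

# Print every entry under $1 that grants write to "others".
# Symlinks are skipped: on Linux their own mode is lrwxrwxrwx, and
# chmod on a symlink would change the link target instead.
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print 2>/dev/null
}

# Same selection as an `ls -ld` listing, so the owner and group that
# will remain the only writers are visible before anything is changed.
report_world_writable() {
    find "$1" ! -type l -perm -0002 -exec ls -ld {} + 2>/dev/null
}

# Clear only the others-write bit (777 -> 775, 666 -> 664). Read and
# execute bits for others, and all owner/group bits, are left alone.
# Dry run unless the second argument is "apply".
tighten_world_writable() {
    tw_root=$1
    tw_mode=${2:-dry-run}
    list_world_writable "$tw_root" | while IFS= read -r tw_path; do
        if [ "$tw_mode" = "apply" ]; then
            chmod o-w "$tw_path"
        else
            printf 'would run: chmod o-w %s\n' "$tw_path"
        fi
    done
}

# Typical use:
#   report_world_writable /var/mqm
#   tighten_world_writable /var/mqm          # dry run, changes nothing
#   tighten_world_writable /var/mqm apply
```

Paths containing newlines are not handled by the read loop; the report function is unaffected by that limit.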