| Author |
Message
|
| suraj |
 Posted: Tue Mar 25, 2008 6:34 am Post subject: specify access rights on files created by broker |
 |
|
Acolyte
Joined: 31 Jul 2007
Posts: 56
|
Hi
Environment: unix(AIX)
Broker Version: 6.1
There are 2 situations where files are being written or created from a message flow
1. Using a fileoutput node
2. Using a trace node to log the exceptions in error handling
Now in both cases the access rights on the file are with the userid on which the broker runs.
How do i specify these access rights on the file from the flow to particular userid other than the one on which the broker is configured?
Something like chmod command.. |
|
| Back to top |
|
 |
| jefflowrey |
| Posted: Tue Mar 25, 2008 6:37 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
You can't.
EDIT: You can't do this within Broker itself, other than by using Java code to call out to external OS level functions.
You may be able to adjust things using the umask on the output directory for the FileOutput node.
Don't use Trace node for writing business data to a file.
_________________
I am *not* the model of the modern major general.
Last edited by jefflowrey on Tue Mar 25, 2008 6:50 am; edited 1 time in total |
|
| Back to top |
|
|
| suraj |
| Posted: Tue Mar 25, 2008 6:44 am Post subject: |
|
|
Acolyte
Joined: 31 Jul 2007
Posts: 56
|
i am not much worried about the trace node...
but for the fileoutput node how will applications that run under a different userid access the output file created by the broker then??
Is there any workarround for this?? |
|
| Back to top |
|
|
| suraj |
| Posted: Tue Mar 25, 2008 6:59 am Post subject: |
|
|
Acolyte
Joined: 31 Jul 2007
Posts: 56
|
thanks for the reply...
I am using the trace node only to write out exceptions in error handling flow.. |
|
| Back to top |
|
|
| JLRowe |
| Posted: Tue Mar 25, 2008 9:17 am Post subject: |
|
|
Yatiri
Joined: 25 May 2002
Posts: 664
Location: South East London
|
| suraj wrote: |
i am not much worried about the trace node...
but for the fileoutput node how will applications that run under a different userid access the output file created by the broker then??
Is there any workarround for this?? |
By setting the primary group of the broker userid, and setting the umask.
This is not an issue if you know what you are doing |
|
| Back to top |
|
|
| suraj |
| Posted: Tue Mar 25, 2008 9:28 am Post subject: |
|
|
Acolyte
Joined: 31 Jul 2007
Posts: 56
|
Sorry.. I dint exactly get what you are trying to say..
Can you please elaborate a bit? |
|
| Back to top |
|
|
| Vitor |
| Posted: Tue Mar 25, 2008 12:10 pm Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| suraj wrote: |
Sorry.. I dint exactly get what you are trying to say..
Can you please elaborate a bit? |
Show the response to your Unix admin, and ask him.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| JosephGramig |
| Posted: Tue Mar 25, 2008 1:21 pm Post subject: |
|
|
Grand Master
Joined: 09 Feb 2006
Posts: 1244
Location: Gold Coast of Florida, USA
|
The primary group of the broker service ID should be mqm. Every MQ object the broker creates will have an implicit permission granted to its primary group. Cleanliness is next to Godliness.
The broker could write to the apps directory (via a symlink if need be) and the apps directory could have the g+s set so it has the apps group ownership. Of course, the broker service ID needs permission to write to the directory.
This is purely a UNIX permissions exercise. Consult with your UNIX admin.
_________________
Joseph
Administrator - IBM WebSphere MQ (WMQ) V6.0, IBM WebSphere Message Broker (WMB) V6.1 & V6.0
Solution Designer - WMQ V6.0
Solution Developer - WMB V6.1 & V6.0, WMQ V5.3 |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Tue Mar 25, 2008 1:30 pm Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
| JosephGramig wrote: |
| This is purely a UNIX permissions exercise. Consult with your UNIX admin. |
Which may even be a "she", rather than a "he".
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
| Vitor |
| Posted: Tue Mar 25, 2008 2:43 pm Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| jefflowrey wrote: |
| JosephGramig wrote: |
| This is purely a UNIX permissions exercise. Consult with your UNIX admin. |
Which may even be a "she", rather than a "he". |
I'm rightly chastised, and will beat myself with the Trout of Equality.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| suraj |
| Posted: Wed Mar 26, 2008 5:48 am Post subject: |
|
|
Acolyte
Joined: 31 Jul 2007
Posts: 56
|
| Thanks eveyone for your responses!! |
|
| Back to top |
|
|
|
|
