| Author |
Message
|
| yaakovd |
 Posted: Fri Sep 12, 2008 8:47 am Post subject: file permission on AIX using File node |
 |
|
Partisan
Joined: 20 Jan 2003
Posts: 319
Location: Israel
|
Hi
I'm creating files on AIX (MB 6.1) using file output node.
Permission given by MB is:
-rw-rw---- mbadmin mqm.
I need this file read by another user. I allways can add this user to group mqm, but can I create the file with another permission?
thanks
_________________
Best regards.
Yaakov
SWG, IBM Commerce, Israel |
|
| Back to top |
|
 |
| fjb_saper |
| Posted: Fri Sep 12, 2008 10:10 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
chmod o+r filename 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| yaakovd |
| Posted: Fri Sep 12, 2008 11:17 am Post subject: |
|
|
Partisan
Joined: 20 Jan 2003
Posts: 319
Location: Israel
|
surprise 
but I'm talking about control from MB... without additional scripting...
_________________
Best regards.
Yaakov
SWG, IBM Commerce, Israel |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Fri Sep 12, 2008 11:54 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
Well you might have to change the uumask of the wbrk service userid to allow read for everybody by default.... 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| yaakovd |
| Posted: Fri Sep 12, 2008 11:21 pm Post subject: |
|
|
Partisan
Joined: 20 Jan 2003
Posts: 319
Location: Israel
|
yep... I'll try. will check local security policy. Thanks.
_________________
Best regards.
Yaakov
SWG, IBM Commerce, Israel |
|
| Back to top |
|
|
| yaakovd |
| Posted: Sat Sep 13, 2008 10:36 pm Post subject: |
|
|
Partisan
Joined: 20 Jan 2003
Posts: 319
Location: Israel
|
Found APAR IZ07456: BROKER IGNORES USERS UMASK
USERS AFFECTED: Those users of WebSphere Message Broker Version 6 writing output files from Java on Unix and Linux.
| Code: |
Websphere Message Broker has been modified so that if the
umask is below 6 and the environment variable MQSI_UMASK_COPY
is set to any non empty string, then the current umask will
be honoured.
In these conditions all files created by the broker including
its own internal files will be given permissions according to
the local users umask. It is the Unix System Administrators
responsibility to ensure that if the umask is set to allow
world acces then these files are not then overwritten by other
users. |
tried add MQSI_UMASK_COPY=022 to mqsiprofile. It is not helps...
As well changing umask of MB user.
Any idea?
_________________
Best regards.
Yaakov
SWG, IBM Commerce, Israel |
|
| Back to top |
|
|
| paranoid221 |
| Posted: Mon Sep 15, 2008 8:56 am Post subject: |
|
|
Centurion
Joined: 03 Apr 2006
Posts: 101
Location: USA
|
I think you can.
You'd have to use a JavaCompute node in your flow right after the FileOutput node and write code to execute OS commands from Java by making use of the java.lang.Runtime API.
http://java.sun.com/j2se/1.4.2/docs/api/java/lang/Runtime.html
and execute OS commands using the exec() method.
You'd basically have to pass the complete chmod command for changing the file permissions in UNIX to the exec() method as a string.
And of course you have to add few other lines of code to handle exceptions.
On the flip side, I can bet that there is going to be some resistance (especially security team) from the evangelists at your place on this type of implementation. I do partly agree with them that this is not a very elegant method.
Let me know how it goes.
_________________
LIFE is a series of complex calculations, somewhere multiplied by ZERO. |
|
| Back to top |
|
|
| yaakovd |
| Posted: Mon Sep 15, 2008 1:35 pm Post subject: |
|
|
Partisan
Joined: 20 Jan 2003
Posts: 319
Location: Israel
|
Of course, but I prefer and expect this basic functionality to be supported by MB.
I opened PMR 34806,003,756 for this problem.
_________________
Best regards.
Yaakov
SWG, IBM Commerce, Israel |
|
| Back to top |
|
|
|
|
