| Author |
Message
|
| pgorak |
 Posted: Tue Nov 05, 2002 6:51 am Post subject: channel exit programs on UNIX systems |
 |
|
Disciple
Joined: 15 Jul 2002
Posts: 158
Location: Cracow, Poland
|
I'm using send and receive exits on HP-UX. Does anyone know the name of the process inside which the exit's code is actually executed, for both SVR and RQSTR channels?
Thanks for your help,
Piotr |
|
| Back to top |
|
 |
| jlamond |
| Posted: Wed Nov 06, 2002 5:37 am Post subject: |
|
|
Voyager
Joined: 28 May 2002
Posts: 94
Location: Paris
|
If I not wrong, the run under the channel program instance i.e. runmqchl and amqcrsta for tcp/ip and amqcr* for other protocol.
JM
_________________
Jean-Marc |
|
| Back to top |
|
|
| pgorak |
| Posted: Wed Nov 06, 2002 6:17 am Post subject: |
|
|
Disciple
Joined: 15 Jul 2002
Posts: 158
Location: Cracow, Poland
|
Thanks, I guess that's right - I investigated the number and names of processes and it seems that my exit code is executed within runmqchl.
Piotr |
|
| Back to top |
|
|
| jlamond |
| Posted: Wed Nov 06, 2002 6:52 am Post subject: |
|
|
Voyager
Joined: 28 May 2002
Posts: 94
Location: Paris
|
Runmqchl is the process for all sending channel and amqcr* for receiving one.
_________________
Jean-Marc |
|
| Back to top |
|
|
| duffMan |
| Posted: Fri Jun 02, 2006 11:06 am Post subject: |
|
|
Voyager
Joined: 03 Jun 2002
Posts: 75
|
Either I'm not seeing straight or the security for the channel exit is bit peculiar, likely the former.
We have a security exist which reads from a file. This file is located within a subdirectory with the following permissions:
drwxrw-rwx 2 abc mqm 512 Jun 2 10:57 secdata
The actual file to be read by the exist is within the "secdata" directory:
-rw-rw-rwx 1 abc mqm 132 Jun 2 14:38 file.auth
Now the process runmqlsr is running under user id "abc", and the process runmqchi and the qmgr itself are all also running under user "abc".
However the exit program failed with a read error on file "file.auth".
User "abc" has full authorization to read from that file outside the exit. When we changed the directory permissions on "secdata" to:
drwxrwxrwx 2 abc mqm 512 Jun 2 10:57 secdata
then the security exit worked.
From what I can see only group "mqm" would not be able to get to the file because original permissions on the directory "secdata" did not permit "x" on the directory "secdata" to the group "mqm". BUT I thought the security exit would run as user "abc", which would have full authority. UNLESS the security exit uses "abc"'s primary group for permissions which was "mqm".
So...I'm now not sure what id or group is used while running an channel exit. |
|
| Back to top |
|
|
| jefflowrey |
| Posted: Fri Jun 02, 2006 11:15 am Post subject: |
|
|
Grand Poobah
Joined: 16 Oct 2002
Posts: 19981
|
Exits run inside the queue manager processes. In the case of channel exits, they run inside the channel processes. These always run as the mqm user, as far as I know.
At least, I don't know of any way to change what user runs the channel processes. Unless maybe manually starting a chinit under a different user, but then you'd have to make sure the user was in mqm.
Since the mqm user is not the abc user, the exit was forced to use the group permissions - which were denied.
_________________
I am *not* the model of the modern major general. |
|
| Back to top |
|
|
|
|
