| Author |
Message
|
| s4net |
 Posted: Tue Jul 07, 2009 1:03 pm Post subject: what id to run broker queue manager under |
 |
|
Newbie
Joined: 16 Jul 2008
Posts: 1
|
| When running message broker (on AIX) we have been starting the queue managers under the broker id which is wmbadmin. Some have suggested that we should be running it under the mqm id. Does it matter. There may be some operational reasons account password changes, viewing processes with ps to single out only the broker of mq processes. What is everyone else doing? |
|
| Back to top |
|
 |
| nvenkatesh |
| Posted: Tue Jul 07, 2009 10:13 pm Post subject: |
|
|
Apprentice
Joined: 29 Jan 2007
Posts: 45
|
|
| Back to top |
|
|
| fjb_saper |
| Posted: Tue Jul 07, 2009 11:40 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
The main reason not to run the qmgr under the broker's service id is to keep shared memory separate. The broker does not come with a program like amqiclen. So if you have shutdown all broker related processes and want to clean the share memory allocated to these you can
| Code: |
| ipcs | grep <broker service id> |
You can then pipe the output to some scripts that will create the ipcrm command for you. This way you can clean all the broker related shared memory without hitting any qmgr related stuff.
Have fun 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| Vitor |
| Posted: Wed Jul 08, 2009 1:19 am Post subject: Re: what id to run broker queue manager under |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| s4net wrote: |
| What is everyone else doing? |
Typically use wmbadmin or (for those brokers with a long & honourable history) mqsiuser.
I endorse the valuable comments of my associates. 
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| nvenkatesh |
| Posted: Wed Jul 08, 2009 2:26 am Post subject: |
|
|
Apprentice
Joined: 29 Jan 2007
Posts: 45
|
| fjb_saper wrote: |
| The main reason not to run the qmgr under the broker's service id is to keep shared memory separate. |
In MQSeries for UNIX systems, if a principal in a PRIMARY group is added to the MQM group, then all members of the PRIMARY group inherit the authority of the member added, unless you use SETMQAUT to change the authority of the existing members. It is important to ensure that you do not change the authorization of a principal inadvertently, simply because it belongs to the same primary group as the principal you specified when you changed an authorization.
from http://www-01.ibm.com/software/integration/library/manuals99/amqzag/amqzag2b.htm
Doesnt it mean that the mqm user id and other group members of mqm, here "wmbadmin" have same level of authority including the "shared memory" access ? (I am also assuming that the setmqaut hasnt been run on wmbadmin user to change its MQ permission)
I assume that role of mqm user is to just own the mq runtime files in the file system and protect it from corruption from other users by providing a read only access. Please correct me if I am wrong.
Nevertheless your information on cleaning the shared memory resources was useful.
Thanks,
Venkatesh |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Wed Jul 08, 2009 7:46 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
No, you have to be root to remove shared memory that you don't own.
Have fun
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| nvenkatesh |
| Posted: Thu Jul 09, 2009 11:10 pm Post subject: |
|
|
Apprentice
Joined: 29 Jan 2007
Posts: 45
|
| fjb_saper wrote: |
| you have to be root to remove shared memory that you don't own |
This is fine..
| fjb_saper wrote: |
| The main reason not to run the qmgr under the broker's service id is to keep shared memory separate |
You mean here that the queue manager should be started from the mqm user and not from the wmbadmin though both are part of "mqm" group and doesnt have root privilege I guess.
What I did not understand is that how you "logically" put the first statement to prove your second statement.. Can you please explain??
Please excuse me if I am wrong..
Thanks,
Venkatesh |
|
| Back to top |
|
|
|
|
