| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| File permissions on fmczemst, fmczsmst & fmczcmst |
« View previous topic :: View next topic » |
| Author |
Message
|
| ckup |
 Posted: Wed Oct 26, 2011 12:01 pm Post subject: File permissions on fmczemst, fmczsmst & fmczcmst |
 |
|
Newbie
Joined: 26 Oct 2011
Posts: 8
|
Our company is imposing some file security standards on our workflow servers.
One of the standards is that SUID/SGID files are prohibited, unless we have an exception.
There are 3 files that were flagged as violating this standard, and I was wondering if these 3 files need the SUID/SGID set.
-rwsr-xr-x 1 fmc fmcgrp 20734 Mar 31 2004 /var/fmc/cfgs/BPI/bin/fmczcmst
-rwsr-xr-x 1 fmc fmcgrp 20734 Mar 31 2004 /var/fmc/cfgs/BPI/bin/fmczemst
-rwsr-xr-x 1 fmc fmcgrp 20734 Mar 31 2004 /var/fmc/cfgs/BPI/bin/fmczsmst
If the answer is yes, I am sure that I can get an exception for them.
If the answer is no, then what permissions would work for these files?
Thanks. |
|
| Back to top |
|
 |
| exerk |
| Posted: Wed Oct 26, 2011 2:58 pm Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
On install WMQ (and I suspect all other IBM products) sets all the necessary and required file permissions. Search this site for the large numbers of posts in regard to Sys Admins who have merrily changed such permissions, and the grief that action has caused. If 'they' won't allow exceptions, get them to provide a letter, preferably written in their own blood and countersigned by their mother (if they have one), to say why not, which you can show to the affected business unit. And be charitable, offer to tie their blindfold and light their last cigarette when the time comes. 
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| ckup |
| Posted: Wed Oct 26, 2011 3:08 pm Post subject: |
|
|
Newbie
Joined: 26 Oct 2011
Posts: 8
|
That is what I was thinking, but I wanted someone else to verify it.
Thanks for the informaiton and hilarious comments.  |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Wed Oct 26, 2011 3:59 pm Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
And what purpose would encrypting binaries serve? Other than to make them unusable?
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| PeterPotkay |
| Posted: Thu Oct 27, 2011 9:49 am Post subject: |
|
|
Poobah
Joined: 15 May 2001
Posts: 7722
|
What some anonymous people on the internet say on the topic, even if correct, will not satisfy auditors in my experience.
But if you open up a PMR to IBM and save the answer directly from the vendor that wrote the code you'll be good.
_________________
Peter Potkay
Keep Calm and MQ On |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
