| Author |
Message
|
| vininx |
 Posted: Thu Dec 01, 2011 2:24 pm Post subject: FileInput node problem |
 |
|
Acolyte
Joined: 13 Oct 2009
Posts: 69
|
Hi,
I am having a message flow FileInput node which is reading messages from a Network Attached Storage mount on a Linux system. The thing is, when I place the input file created with the id under which the broker runs, the message flow is working fine. But when the input file is placed using another user id, the flow fails with the below error,
| Code: |
BIP3322E: FileInput node 'abc_Input' in message flow 'ABC_FLOW' cannot access the file 'abc.txt' with the correct access permissions. Exception description: 'File abc.txt does not identify an existing R/W file'. : TEST_BKR: /build/S700_P/src/DataFlowEngine/NativeTrace/ImbNativeTrace.cpp: 723: com.ibm.broker.nodes.filenodes.ComIbmFileInputNode.readData: : |
and I could see the input file being moved to mqsitransitin directory. The file is failed to get processed from the mqsitransit directory.
1) Does the broker reads the file only when it is created in the same id/group as the broker? Please clarify.
2) If so, is there a way to bypass it? |
|
| Back to top |
|
 |
| smdavies99 |
| Posted: Thu Dec 01, 2011 10:43 pm Post subject: |
|
|
Jedi Council
Joined: 10 Feb 2003
Posts: 6076
Location: Somewhere over the Rainbow this side of Never-never land.
|
What are the permissions of the file when it is created on the Linux Server?
(ls -l ...) will show this.
You may need to get the permissions of the directories changed
You may need to get the 'umask' value for the user that is writing the file changed.
Your Linux Admins should be able to help here.
There are ways I'd do it but these might violate security policies at your site. Talk to the sysAdmins. Get them to sort it then you (hopefully) won't be in violation of said policies.
Sadly, I've had this sort of request turned down flat in the past. The reason given was 'We can't do that. It will break our SOX compliance'. Even as I post this in the middle of the night of our US friends, I can hear the groans 3000+ miles away.
_________________
WMQ User since 1999
MQSI/WBI/WMB/'Thingy' User since 2002
Linux user since 1995
Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions. |
|
| Back to top |
|
|
| Vitor |
| Posted: Fri Dec 02, 2011 5:38 am Post subject: Re: FileInput node problem |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| vininx wrote: |
| 1) Does the broker reads the file only when it is created in the same id/group as the broker? Please clarify. |
It reads, writes & copies the file using the id it runs under, as with any Unix application. If the file permissions don't allow this it will fail in the traditional way.
| vininx wrote: |
| 2) If so, is there a way to bypass it? |
As my worthy associate says, it's a Unix issue rather than a broker one. Speak to your admins, and whoever's writing your files.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| vininx |
| Posted: Fri Dec 02, 2011 7:06 am Post subject: |
|
|
Acolyte
Joined: 13 Oct 2009
Posts: 69
|
| Thanks a lot for your replies smdavies and vitor. I will talk with Linux admins and sort the file permission issue. The file is written in the mqsitransitin with -rw-r--r-- file permissions. |
|
| Back to top |
|
|
| vininx |
| Posted: Thu Dec 08, 2011 8:01 am Post subject: |
|
|
Acolyte
Joined: 13 Oct 2009
Posts: 69
|
Hi,
After changing the file permissions of the shared mount directory/mqsitransitin and other directories to 777 the broker still throws the same error when the file owner is other than broker's ID. when broker's id is the owner of the file(-rw-r--r--) permission is set on the file inside mqsitransitin directory and the message flow works fine. Since the input file will be placed under an application ID where the same shared mount is available in a different server, in real time we cannot use broker's ID. Is there a way for me to specify the broker, not to use it's id for read/write operations on the file through FileInput node?. Is there any external configuration setttings needed?. Please advise. |
|
| Back to top |
|
|
| mqjeff |
| Posted: Thu Dec 08, 2011 8:03 am Post subject: |
|
|
Grand Master
Joined: 25 Jun 2008
Posts: 17447
|
You should not be writing directly into mqsitransitin.
Broker uses that directory, not you. |
|
| Back to top |
|
|
| Vitor |
| Posted: Thu Dec 08, 2011 8:09 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| vininx wrote: |
| After changing the file permissions of the shared mount directory/mqsitransitin and other directories to 777 the broker still throws the same error when the file owner is other than broker's ID. |
I wouldn't have expected that to necessarially help. I'd have thought changing the umask would have been more profitable.
| vininx wrote: |
| Is there a way for me to specify the broker, not to use it's id for read/write operations on the file through FileInput node?. Is there any external configuration setttings needed?. Please advise. |
There's nothing in broker that allows this, and I'm not sure how you'd achieve this in Unix with a conventional application.
Go back to your sys admins and get more help. This is a straigthforward Unix problem as the majority of files are written under a different id to the one they're read under.
Also make sure the writing application and the sys admins are working on the original target directory. Do not fiddle with mqsitransitin; leave it how broker defines it and runs it.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| vininx |
| Posted: Thu Dec 08, 2011 8:09 am Post subject: |
|
|
Acolyte
Joined: 13 Oct 2009
Posts: 69
|
| Sorry. I am not writing into mqsitransitin directory. I am writing into a directory say /abc/input directory. When the message flow is started, broker is moving the file to mqsitransitin directory for it's processing. I am using WMB 7.0.0.2 version of broker runtime. |
|
| Back to top |
|
|
| Vitor |
| Posted: Thu Dec 08, 2011 8:13 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| vininx wrote: |
| I am writing into a directory say /abc/input directory. |
So what is the ownership and permissions of the file in this directory (ls -l)? Does the broker id have write permissions against this file? Because if it doesn't, the sys admins need to fix that.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| vininx |
| Posted: Thu Dec 08, 2011 8:16 am Post subject: |
|
|
Acolyte
Joined: 13 Oct 2009
Posts: 69
|
Vitor,
The application user id is wirting the input file with 777 permission, but even then the same error is thrown, because when it is moved by broker inside mqsitransitin the file permission of the input file is changed by the broker to (-rw-r--r--). Is it something to do with the UID/GID of the shared mount? |
|
| Back to top |
|
|
| Vitor |
| Posted: Thu Dec 08, 2011 8:25 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| vininx wrote: |
| The application user id is wirting the input file with 777 permission |
You know this because you've examined the directory with the ls command or because the application people told you that?
| vininx wrote: |
| but even then the same error is thrown, because when it is moved by broker inside mqsitransitin the file permission of the input file is changed by the broker to (-rw-r--r--). |
Which is as it should be. Files in the mqsitransitin directory should be owned by the broker id and be read/write only to that id. The error you originally posted sounds a lot like the broker trying to delete the file from the original directory post copy & finding it only has read access. However, if the mqsitransitin directory file has the permissions you indicate and the broker id is not the owner then it would give the same effect.
And means someone in the sys admin has changed / standardised / "improved" the file system settings and hosed up the broker's access.
| vininx wrote: |
| Is it something to do with the UID/GID of the shared mount? |
In the sense of how the UID & GID is being applied to the files via umask and other mechanisms. It's the first time you've mentioned this is on shared storage so it's well possible that ids from one machine are not meshing in some way with the other machine.
I'll say it again:
Speak to your sys admins
This is a Unix file problem not a broker one.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| smdavies99 |
| Posted: Thu Dec 08, 2011 9:10 am Post subject: |
|
|
Jedi Council
Joined: 10 Feb 2003
Posts: 6076
Location: Somewhere over the Rainbow this side of Never-never land.
|
Vitor is right.
Plus I refer you to my previous post.
get your SysAdmins to sort it out. That is their job...
_________________
WMQ User since 1999
MQSI/WBI/WMB/'Thingy' User since 2002
Linux user since 1995
Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions. |
|
| Back to top |
|
|
|
|
