| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| WMB v8 install on Unix that has WMB v7 installed. |
« View previous topic :: View next topic » |
| Author |
Message
|
| zpat |
 Posted: Tue May 14, 2013 3:02 am Post subject: WMB v8 install on Unix that has WMB v7 installed. |
 |
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
AIX
WMB v7 is installed under root (we use sudo command for this).
WMB v8 is normally installed under a non-root id (or at least it can be and this would be my preference).
Has anyone experienced problems installing WMB v8 on a system that has WMB v7 (and/or WMB v6.1) installed already - because some key files are owned by root and cannot be updated?
What non-root id did you use for the WMB v8 install? I was thinking of using mqm (member of mqbrkrs group). |
|
| Back to top |
|
 |
| fjb_saper |
| Posted: Wed May 15, 2013 5:25 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
Use a user whose primary group is mqbrkrs 
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| zpat |
| Posted: Wed May 15, 2013 6:13 am Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
Makes sense, maybe call it mqbrkrs for the id as well.
But how would that allow updates to WMB shared directories or files owned by root:system which were set up by the previous WMB v7 (root) install? |
|
| Back to top |
|
|
| smdavies99 |
| Posted: Wed May 15, 2013 6:57 am Post subject: |
|
|
Jedi Council
Joined: 10 Feb 2003
Posts: 6076
Location: Somewhere over the Rainbow this side of Never-never land.
|
Get a Unix Admin to login as root and 'fix' the ownership
something like
| Code: |
cd <somepath to broker root>
chown -R <someuser>:mqbrkrs .
|
Where the 'someuser' is the username of the user that owns the non 'root' items.
It always pays to plan the usernames and directory protection (plus sometimes the umask value) for the users.
_________________
WMQ User since 1999
MQSI/WBI/WMB/'Thingy' User since 2002
Linux user since 1995
Every time you reinvent the wheel the more square it gets (anon). If in doubt think and investigate before you ask silly questions. |
|
| Back to top |
|
|
| zpat |
| Posted: Wed May 15, 2013 11:24 pm Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
| This is not documented by IBM as part of the WMB v8 installation procedure. |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Thu May 16, 2013 5:04 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20756
Location: LI,NY
|
| zpat wrote: |
| This is not documented by IBM as part of the WMB v8 installation procedure. |
Color me confused. You are doing a side by side install, not an upgrade...
What shared directories are you talking about?
If you mean broker instances etc (var/mqsi)..., root should have no part of that and the ownership (group) should be mqbrkrs....
Have fun
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| zpat |
| Posted: Thu May 16, 2013 5:11 am Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
Yes, I want to install WMB v8 in addition to WMB v7.
As opposed to a "sudden death" upgrade of every WMB v7 broker ! 
However I have looked at the WMB v8002 infocenter and IBM have now documented the permission change steps that need to be performed under root (on AIX) before the non-root install will work.
Not sure that granting open write access (666) is that great an idea - but I suppose it gets round the problem!
| Quote: |
Security on Linux and UNIX systems
Set up the required security on Linux and UNIX systems before you install WebSphere® Message Broker.
Use the security facilities provided by your operating system to complete these tasks; for example, the Systems Management Interface Tool (SMIT) on AIX®, or the System Administration Manager on HP-Itanium.
Complete the following actions:
Log into the system.
On AIX, you must log in as root. On Linux and on other UNIX computers, your user ID must have root authority. You need this level of authority to set up the security requirements for installing the Broker component. The product can then be installed by a user who does not have root privileges.
If you are using a Linux on x86 or a Linux on x86-64 system and are not planning to install the Broker component, continue with step 4. Otherwise, follow your local security guidelines to acquire root authority; either log in as root, or log in as another user and become root.
The use of a user ID other than root itself has some advantages; it provides an audit trail of the user ID that installs the product and it limits the scope of root authority to tasks performed in a single session. The use of a user ID other than root might also be mandatory if you are logging in from a remote system.
If you plan to run the installation as a user with root authority, then complete the following steps: Under root authority, the installation automatically creates a security group called mqbrkrs. You must add your root authority login ID to the group after it has been created.
If you have already installed WebSphere MQ on this system, a group called mqm and a user called mqm are defined. If you have not yet installed WebSphere MQ, you must create this group and user.
Add your root authority user login ID to the group mqm, along with the user ID mqm.
On some systems, you must log off and log on again for these new group definitions (mqbrkrs and mqm) to be recognized.
If you plan to run the installation as a user without root authority, a user with root authority must complete the following steps before installation:
Create a security group called mqbrkrs. For example:
For Linux and UNIX
SUDO groupadd mqbrkrs
For AIX
SUDO mkgroup mqbrkrs
Add your non-root installation user login ID to the group after it has been created.
If WebSphere MQ has already been installed on this system, a group called mqm and a user called mqm are defined. If WebSphere MQ has not been installed, the group and user must be created.
Add your non-root installation user login ID to the group mqm, along with the user ID mqm.
If it does not exist, create the /var/mqsi directory. For example:
SUDO mkdir /var/mqsi
Ensure that the correct ownership and access permissions are set for the /var/mqsi directory. For example:
SUDO chown mqm:mqbrkrs /var/mqsi
SUDO chmod 775 /var/mqsi
If the /var/mqsi/install.properties file exists, ensure that your non-root installation user ID has write access to it. For example:
SUDO chmod 666 /var/mqsi/install.properties
If they do not exist, create the directories /opt/ibm/mqsi and /opt/ibm/IE02 for Linux, or /opt/IBM/mqsi and /opt/IBM/IE02 for UNIX and AIX. For example:
For Linux
SUDO mkdir /opt/ibm/mqsi
SUDO mkdir /opt/ibm/IE02
For UNIX and AIX
SUDO mkdir /opt/IBM/mqsi
SUDO mkdir /opt/IBM/IE02
Ensure that the correct ownership is assigned to the mqsi directory, along with access permissions to both the mqsi and IE02 directories. For example:
For Linux
SUDO chown mqm:mqbrkrs /opt/ibm/mqsi
SUDO chmod 777 /opt/ibm/mqsi
SUDO chmod 777 /opt/ibm/IE02
For UNIX and AIX
SUDO chown mqm:mqbrkrs /opt/IBM/mqsi
SUDO chmod 777 /opt/IBM/mqsi
SUDO chmod 777 /opt/IBM/IE02
If setting the IATEMPDIR variable, ensure that your non-root user ID has write permission to the directory you choose. For example:
SUDO chmod 777 /tmp/IATEMP
Note: This action is only needed if you have insufficient space in the default file system for the installation.
Verification procedures are provided for Linux on x86 and Linux on x86-64. To complete verification, you do not require root authority. If you install with root authority, but do not want to complete verification with root authority, log off when you have completed installation. Log in with the same or a different user ID, but do not become root.
If you log in with another user ID, and have not already added this ID to the groups mqbrkrs and mqm, do so before you open the WebSphere Message Broker Toolkit.
|
|
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
