| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| Is it mandatory to create uid gid groups with same ID |
« View previous topic :: View next topic » |
| Author |
Message
|
| narayanarvr |
 Posted: Tue Aug 09, 2022 8:34 pm Post subject: Is it mandatory to create uid gid groups with same ID |
 |
|
Voyager
Joined: 09 Oct 2012
Posts: 84
|
Hi Team,
Good day!
I have small doubt like is it mandatory to create uid gid groups with same numeric ID before installing MQ on Linux.
# id mqm
uid=501(mqm) gid=501(mqm) groups=501(mqm)
The reason I am asking is, I created with same numeric IDs but someone changed it, do I need to change IDs or do I need to create same ids and need to reinstall?
Please advise. |
|
| Back to top |
|
 |
| exerk |
| Posted: Wed Aug 10, 2022 2:42 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
Investigate who changed it, what exactly they changed, why they changed it, and work with them to ensure it doesn't happen again, especially in HA environments.
What errors, if any, has MQ displayed since the change?
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| narayanarvr |
| Posted: Wed Aug 10, 2022 7:37 am Post subject: |
|
|
Voyager
Joined: 09 Oct 2012
Posts: 84
|
Thank you for your answer.
I am investigating who changed it why did they do.
I managed to restore ownership by looking at other same environment and it worked and able to start the queue managers without issue, but is it good to change the ownership manually? |
|
| Back to top |
|
|
| exerk |
| Posted: Wed Aug 10, 2022 7:45 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
| narayanarvr wrote: |
| ...I managed to restore ownership by looking at other same environment and it worked and able to start the queue managers without issue, but is it good to change the ownership manually? |
My apologies, but I don't quite understand the above.
Did you have to do anything specific to "...restore ownership..." ?
What exactly do you mean by "...change the ownership manually...", i.e., was ownership on MQ-specific directories/files changed, e.g. from mqm:mqm to some:other ?
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| narayanarvr |
| Posted: Wed Aug 10, 2022 7:54 am Post subject: |
|
|
Voyager
Joined: 09 Oct 2012
Posts: 84
|
Hi Exerk,
Sorry if I conveyed wrong.
Yes, you are correct I changed ownership exactly as you mentioned below
ownership on MQ-specific directories/files changed, e.g. from mqm:mqm to some:other
I applied chown -R mqm:mqm /opt/mqm etc.., it worked, but I have a doubt that will it backfire somewhere ?
Please advise. |
|
| Back to top |
|
|
| exerk |
| Posted: Wed Aug 10, 2022 8:28 am Post subject: |
|
|
Jedi Council
Joined: 02 Nov 2006
Posts: 6339
|
I think you need to have a discussion with the colleague that changed it all - preferably in a dark alley, and you with a cricket bat in your hand to beat it into them that what they did was not-a-good-idea  ...
...joking aside, you're lucky that you could recover it so quickly, but unfortunately you have no easy way of knowing whether something further down the timeline will rise up and bite you.
The crtmqdir command may be of help to you, and if your security department have questions then THIS should help allay any fears they may have.
The above links are from the MQ V9.3 Knowledge Centre, so please check validity against your MQ version(s).
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys. |
|
| Back to top |
|
|
| gbaddeley |
| Posted: Wed Aug 10, 2022 2:52 pm Post subject: Re: Is it mandatory to create uid gid groups with same ID |
|
|
Jedi Knight
Joined: 25 Mar 2003
Posts: 2538
Location: Melbourne, Australia
|
| narayanarvr wrote: |
Hi Team,
Good day!
I have small doubt like is it mandatory to create uid gid groups with same numeric ID before installing MQ on Linux.
# id mqm
uid=501(mqm) gid=501(mqm) groups=501(mqm)
The reason I am asking is, I created with same numeric IDs but someone changed it, do I need to change IDs or do I need to create same ids and need to reinstall?
Please advise. |
The mqm group and mqm userid can have any valid numeric ID. They don't need to be the same ID. If you don't create them before installing MQ, the MQ installation will do it for you. Once created, the numeric IDs must not be changed, as the whole UNIX identity and permissions system is built around these IDs. Messing with them will cause issues for MQ. If you try to remediate using chown -R, you can never be quite sure that you fixed everything correctly.
_________________
Glenn |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
