Author |
Message
|
KAKOZ |
Posted: Tue Mar 09, 2004 10:15 am Post subject: userids root & mqm on Unix mqseries platform? |
|
|
Voyager
Joined: 26 Jan 2004 Posts: 90 Location: FRANCE
|
HI,
- we wonder if we must place the root userid in the mqm group or not?
when installing mqseries server or mqseries client on a unix machine
- has the root userid all the mqm rights anyway? even if the root userid is not in the mqm group? - can we forbid the root userid for instance to run the runmqsc utility?
some idea?
thanks
Jack |
|
Back to top |
|
 |
jefflowrey |
Posted: Tue Mar 09, 2004 10:34 am Post subject: Re: userids root & mqm on Unix mqseries platform? |
|
|
Grand Poobah
Joined: 16 Oct 2002 Posts: 19981
|
KAKOZ wrote: |
can we forbid the root userid for instance to run the runmqsc utility? |
Can you forbid the root userid from changing the members of the mqm group? _________________ I am *not* the model of the modern major general. |
|
Back to top |
|
 |
KAKOZ |
Posted: Tue Mar 09, 2004 11:07 pm Post subject: |
|
|
Voyager
Joined: 26 Jan 2004 Posts: 90 Location: FRANCE
|
I dont tnink so
thanks to remind me this simple fact
Jack |
|
Back to top |
|
 |
csmith28 |
Posted: Thu Mar 11, 2004 2:35 pm Post subject: yeah except |
|
|
 Grand Master
Joined: 15 Jul 2003 Posts: 1196 Location: Arizona
|
This is true for true root but if you are using SUDO, KEON, PowerBroker or some of the other software packages of that nature so that when normal users are not true root when they assume the root ID you can exclude the simulated root user from having mqm authority. _________________ Yes, I am an agent of Satan but my duties are largely ceremonial. |
|
Back to top |
|
 |
KAKOZ |
Posted: Thu Mar 11, 2004 11:12 pm Post subject: |
|
|
Voyager
Joined: 26 Jan 2004 Posts: 90 Location: FRANCE
|
HI all,
Jack again - just a question cause I am new on unix:
<has the 'root' userid systematically all the mqseries rights? - without the need to put it in the mqm group?>
in Windows environnement any userid member of the ADMINISTRATORS group has all mqseries rights without the need to be in the 'mqm' group
(the only way to get all mqseries rights is to be in this 'mqm' group)
thanks,
Jack |
|
Back to top |
|
 |
kman |
Posted: Thu Mar 11, 2004 11:22 pm Post subject: |
|
|
Partisan
Joined: 21 Jan 2003 Posts: 309 Location: Kuala Lumpur, Malaysia
|
As far as I can remember (and not that far on that too ), root is not automatically in the group mqm. You need to explicitly add root to mqm. You also need to explicitly create group mqm, and user mqm. |
|
Back to top |
|
 |
KAKOZ |
Posted: Thu Mar 11, 2004 11:29 pm Post subject: |
|
|
Voyager
Joined: 26 Jan 2004 Posts: 90 Location: FRANCE
|
thanks guy,
but do you know if 'root' has **all** the mqseries rights without the need to be in the mqm group?
Jack |
|
Back to top |
|
 |
gunter |
Posted: Thu Mar 11, 2004 11:31 pm Post subject: |
|
|
Partisan
Joined: 21 Jan 2004 Posts: 307 Location: Germany, Frankfurt
|
No, for MQ he's a normal user. For MQ-administration he needs to be in the mqm-group and for MQI calls he needs the rights, set with setmqaut.
But:
He can change to all userid's without needing a password.
He can give themselfe the mqm-group.
He can execute all programms. |
|
Back to top |
|
 |
KAKOZ |
Posted: Thu Mar 11, 2004 11:33 pm Post subject: |
|
|
Voyager
Joined: 26 Jan 2004 Posts: 90 Location: FRANCE
|
thanks Gunter
much more clear for me now
Jack |
|
Back to top |
|
 |
|