| Author |
Message
|
| klabran |
 Posted: Wed Oct 05, 2005 1:55 pm Post subject: Restart QM after setmqaut? |
 |
|
Master
Joined: 19 Feb 2004
Posts: 259
Location: Flagstaff AZ
|
I thought I saw a way to not have to restart my QM for setmqaut to take effect?
I can't seem to find it? Am I wrong... |
|
| Back to top |
|
 |
| wschutz |
| Posted: Wed Oct 05, 2005 2:39 pm Post subject: |
|
|
Jedi Knight
Joined: 02 Jun 2005
Posts: 3316
Location: IBM (retired)
|
What about:
?
_________________
-wayne |
|
| Back to top |
|
|
| markt |
| Posted: Wed Oct 05, 2005 2:43 pm Post subject: |
|
|
Knight
Joined: 14 May 2002
Posts: 508
|
| what about doing nothing? setmqaut has always taken effect immediately. |
|
| Back to top |
|
|
| klabran |
| Posted: Wed Oct 05, 2005 3:20 pm Post subject: |
|
|
Master
Joined: 19 Feb 2004
Posts: 259
Location: Flagstaff AZ
|
| Markt.... I'm not getting the changes until after I restart my QM??? |
|
| Back to top |
|
|
| wschutz |
| Posted: Wed Oct 05, 2005 3:35 pm Post subject: |
|
|
Jedi Knight
Joined: 02 Jun 2005
Posts: 3316
Location: IBM (retired)
|
| klabran wrote: |
| Markt.... I'm not getting the changes until after I restart my QM??? |
You're not getting ANY changes, or is there a specific thing that you're doing thats not working? Give us more details (like the actual command and then how you know that you're "not getting the changes").
_________________
-wayne |
|
| Back to top |
|
|
| klabran |
| Posted: Wed Oct 05, 2005 3:50 pm Post subject: |
|
|
Master
Joined: 19 Feb 2004
Posts: 259
Location: Flagstaff AZ
|
From the command line...
setmqaut -n QMNAME -m QL_* -t q -g CJI +browse +get +inq +put +setall
I get "the setmqaut command completed successfully"
However, when I try to connect to a queue that starts with QL_Test or QL_Test2, etc... with a user in the CJI group I get 2035 Not Authorized.
If I stop and restart my QM then the same command works.
I am using a VB.Net program to test with and I am logged in as a user in the CJI group.
Kevin |
|
| Back to top |
|
|
| wschutz |
| Posted: Wed Oct 05, 2005 4:09 pm Post subject: |
|
|
Jedi Knight
Joined: 02 Jun 2005
Posts: 3316
Location: IBM (retired)
|
I assume that CJI is not the primary group of the user you are testing with. Did you try the refresh security command:
| Code: |
setmqaut .......
runmqsc QMGR
refresh security
end
|
_________________
-wayne |
|
| Back to top |
|
|
| klabran |
| Posted: Wed Oct 05, 2005 4:15 pm Post subject: |
|
|
Master
Joined: 19 Feb 2004
Posts: 259
Location: Flagstaff AZ
|
No it isn't the primary group and I hadn't tried the refresh command when I posted this...
However, it works like a charm. 
Thanks,
Kevin |
|
| Back to top |
|
|
| PeterPotkay |
| Posted: Wed Oct 05, 2005 4:21 pm Post subject: |
|
|
Poobah
Joined: 15 May 2001
Posts: 7722
|
| klabran wrote: |
setmqaut -n QMNAME -m QL_* -t q -g CJI +browse +get +inq +put +setall
|
I'll assume thats a typo. You did this, right?
setmqaut -m QMNAME -n QL_* -t q -g CJI +browse +get +inq +put +setall
Mark's right, there is no need to restart the QM or run refresh security to effect setmqaut commands. They are immediate.
What probably happened is you ran the commands for the CJI group, then you added your User ID to that group. At this point the QM is unaware that your ID is in that group. But be restarting the QM, or if you are version 5.3 or higher running Refresh Security, you forced the QM to dump its cache of OS users and groups and read them again, thus picking up the fact that you added a new user to the group.
Run setmqaut commands - all set. Al lexisting users have the authority.
Add users - refresh security command or restart QM to let the QM know about them.
_________________
Peter Potkay
Keep Calm and MQ On |
|
| Back to top |
|
|
| klabran |
| Posted: Wed Oct 05, 2005 4:39 pm Post subject: |
|
|
Master
Joined: 19 Feb 2004
Posts: 259
Location: Flagstaff AZ
|
Yes that was a simple typo...
However,
I had created the group and had my users in it already and I have restarted my QM several times. So to test the theory of not needing to restart the QM or refresh it I did the following...
I did a setmqaut -m QMNAME -t qmgr -g CJI -all on the QM and then restarted the QM (just to go back to as if this group had no rights).
Then I ran setmqaut -m QMNAME -t qmgr -g CJI +connect +dsp +setall +inq and I ran the command to give access to all QL_* queues (in the above posts) and the program does not work until I restart the QM or type the refresh command?
If I run this command at the cmd line and I do not refresh or restart the QM my program gets a 2035 or Not Authorized.
????
Kevin |
|
| Back to top |
|
|
| wschutz |
| Posted: Wed Oct 05, 2005 4:54 pm Post subject: |
|
|
Jedi Knight
Joined: 02 Jun 2005
Posts: 3316
Location: IBM (retired)
|
So, to summarize where we are. You have a user in a group, you add an authority via setmqaut to that group and you get 2035 until you enter the REFRESH SECURITY command or restart the qmgr...correct?
What operating system and version/csd of MQ?
_________________
-wayne |
|
| Back to top |
|
|
| klabran |
| Posted: Thu Oct 06, 2005 6:22 am Post subject: |
|
|
Master
Joined: 19 Feb 2004
Posts: 259
Location: Flagstaff AZ
|
That is correct.
Server - W2K3 SP2 Std. MQ5.3 CSD9
Clients -
One is MQ5.3 Client CSD11
My development box is MQ5.3 Client no csds
They both react the same.
Here's the batch script that I am using to reset the security for this group.
If I remove the call to runmqsc the changes don't take from what I can see.
I have done the revoke all and it has the same results without a refresh, it doesn't take.
| Code: |
ECHO Revoke all rights first. Be sure server has a local CJI group with Summitlan CJI group a part of.
setmqaut -m QMNAME -t qmgr -g CJI -all
setmqaut -m QMNAME2 -t qmgr -g CJI -all
ECHO Set rights back up
setmqaut -m QMNAME -t qmgr -g CJI +connect +dsp +inq +set +setall
setmqaut -m QMNAME2 -t qmgr -g CJI +connect +dsp +inq +set +setall
ECHO OFF
REM setmqaut -m QMNAME -n QL_TEST -t q -g CJI +browse +get +put +setall +inq
ECHO ON
setmqaut -m QMNAME -n QL_* -t q -g CJI +browse +get +put +setall +inq
setmqaut -m QMNAME2 -n QL_* -t q -g CJI +browse +get +put +setall +inq
ECHO Refreshing QMGR'S to take effect. Using refresh.txt (refresh security)
runmqsc QMNAME < refresh.txt
runmqsc QMNAME2 < refresh.txt
pause
|
Kevin |
|
| Back to top |
|
|
|
|
