ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » IBM MQ Installation/Configuration Support » HP UX directory Permissions

Post new topic  Reply to topic
 HP UX directory Permissions « View previous topic :: View next topic » 
Author Message
nosnhoj
PostPosted: Tue Apr 18, 2006 12:08 pm    Post subject: HP UX directory Permissions Reply with quote

Apprentice

Joined: 07 Sep 2005
Posts: 40
Location: Markham On.
We recently upgraded our HPO UX to CSD 11, and noticed some strange looking directory permissions (below)

I'm wondering if there is a way to fix the ownership issue without breaking the application.

It does not make a lot of sense to have files in wide open directory trees which are not owned by a valid account. Should these be owned by mqm?

Thanks.

ll -R /opt/ibm
total 0
drwxrwxrwx 5 root sys 96 Jul 13 2004 gsk6

/opt/ibm/gsk6:
total 48
drwxrwxrwx 2 root sys 96 Jul 13 2004 bin
drwxrwxrwx 4 root sys 8192 Jul 13 2004 classes
-rwxr-xr-x 1 827 21 306 Dec 2 2003 copyright
drwxrwxrwx 2 root sys 8192 Jul 13 2004 lib

/opt/ibm/gsk6/bin:
total 128
-rwxr-xr-x 1 827 21 19018 Dec 2 2003 gsk6cmd
-rwxr-xr-x 1 827 21 19493 Dec 2 2003 gsk6ikm
-rwxr-xr-x 1 827 21 16384 Dec 2 2003 gsk6ver

/opt/ibm/gsk6/classes:
total 8112
-rwxr-xr-x 1 827 21 473 Dec 2 2003 cfwk.sec
-rwxr-xr-x 1 827 21 1045713 Dec 2 2003 cfwk.zip
-rw-r--r-- 1 827 21 3007212 Dec 2 2003 gsk6cls.jar
-rwxr-xr-x 1 827 21 4471 Dec 2 2003 gsk_java.security
-rwxr-xr-x 1 827 21 6703 Dec 2 2003
ikeycmd.properties
-rwxr-xr-x 1 827 21 23894 Dec 2 2003 ikmerr.sample
-rwxr-xr-x 1 827 21 20794 Dec 2 2003 ikmgui.sample
-rwxr-xr-x 1 827 21 8013 Dec 2 2003
ikminit.properties
-rwxr-xr-x 1 827 21 2578 Dec 2 2003 ikmuser.sample
drwxrwxrwx 3 root sys 96 Jul 13 2004 jre
drwxrwxrwx 2 root sys 96 Jul 13 2004 native

/opt/ibm/gsk6/classes/jre:
total 0
drwxrwxrwx 3 root sys 96 Jul 13 2004 lib

/opt/ibm/gsk6/classes/jre/lib:
total 16
drwxrwxrwx 2 root sys 8192 Jul 13 2004 ext

/opt/ibm/gsk6/classes/jre/lib/ext:
total 3680
-rwxr--r-- 1 827 21 1937 Dec 2 2003
US_export_policy.jar
-rwxr--r-- 1 827 21 76238 Dec 2 2003 ibmjcefw.jar
-rwxr--r-- 1 827 21 658352 Dec 2 2003
ibmjceprovider.jar
-rwxrwxrwx 1 root sys 142054 Sep 18 2002 ibmjlog.jar
-rwxrwxrwx 1 root sys 208825 Sep 18 2002 ibmjsse.jar
-rwxr--r-- 1 827 21 673060 Dec 2 2003 ibmpkcs.jar
-rwxr--r-- 1 827 21 76643 Dec 2 2003 ibmpkcs11.jar
-rwxr--r-- 1 827 21 1928 Dec 2 2003 local_policy.jar

/opt/ibm/gsk6/classes/native:
total 576
-rwxr--r-- 1 827 21 289249 Dec 2 2003
native-support.zip

/opt/ibm/gsk6/lib:
total 26384
-rwxr-xr-x 1 827 21 4235264 Dec 2 2003 libgsk6cms.sl
-rwxr-xr-x 1 827 21 1101824 Dec 2 2003 libgsk6dbfl.sl
-rwxr-xr-x 1 827 21 868352 Dec 2 2003 libgsk6drld.sl
-rwxr-xr-x 1 827 21 86016 Dec 2 2003 libgsk6kicc.sl
-rwxr-xr-x 1 827 21 143360 Dec 2 2003 libgsk6kjni.sl
-rwxr-xr-x 1 827 21 1531904 Dec 2 2003 libgsk6km.sl
-rwxr-xr-x 1 827 21 86016 Dec 2 2003 libgsk6krnc.sl
-rwxr-xr-x 1 827 21 520192 Dec 2 2003 libgsk6krrb.sl
-rwxr-xr-x 1 827 21 958464 Dec 2 2003 libgsk6krsw.sl
-rwxr-xr-x 1 827 21 86016 Dec 2 2003 libgsk6msca.sl
-rwxr-xr-x 1 827 21 1409024 Dec 2 2003 libgsk6p11.sl
-rwxr-xr-x 1 827 21 1458176 Dec 2 2003 libgsk6ssl.sl
-rwxr-xr-x 1 827 21 12288 Dec 2 2003 libgsk6sys.sl
-rwxr-xr-x 1 827 21 1028096 Dec 2 2003 libgsk6valn.sl
Back to top
View user's profile Send private message
vennela
PostPosted: Tue Apr 18, 2006 12:33 pm    Post subject: Reply with quote

Jedi Knight

Joined: 11 Aug 2002
Posts: 4055
Location: Hyderabad, India
Having permissions to for others to have GSKit doesn't hurt a lot I guess. But securing the key database file is what you need. That's just my idea though. But you can always come up with your own plan.
Back to top
View user's profile Send private message Send e-mail Visit poster's website
mvic
PostPosted: Tue Apr 18, 2006 12:35 pm    Post subject: Re: HP UX directory Permissions Reply with quote

Jedi

Joined: 09 Mar 2004
Posts: 2080
nosnhoj wrote:
It does not make a lot of sense to have files in wide open directory trees which are not owned by a valid account. Should these be owned by mqm?

Presumably they should be owned by whatever was user 827 and group 21.

As a pure guess, I think yes it should be mqm:mqm. But on the other hand, I understand that other IBM software can install files in /opt/ibm. So what was user 827 and group 21?
Back to top
View user's profile Send private message
nosnhoj
PostPosted: Wed Apr 19, 2006 4:19 am    Post subject: Reply with quote

Apprentice

Joined: 07 Sep 2005
Posts: 40
Location: Markham On.
I guess i'll try mqm:mqm in the test env and see what happens... I'll follow up and let y'all know.

thanks for the responses
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » IBM MQ Installation/Configuration Support » HP UX directory Permissions
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.