| |
|
RSS Feed - WebSphere MQ Support
|
RSS Feed - Message Broker Support
|
  |
|
| User permission to execute mqsi command for mqbrkrs group |
« View previous topic :: View next topic » |
| Author |
Message
|
| ghoshly |
 Posted: Fri Apr 30, 2021 11:10 am Post subject: User permission to execute mqsi command for mqbrkrs group |
 |
|
Partisan
Joined: 10 Jan 2008
Posts: 333
|
Hello,
I have a user who is member of 'mqbrkrs' group, but not member of 'mqm' group. Intension is to have restrictions on developer resources, so that they do not run administrative commands. However, those user is unable to execute basic commands such as mqsilist which they should be able to; due to shared file location permission which is created during Integration node creation. In child level directory, there is no permission for users other than mqm group.
| Code: |
[tghosh@XXXXX-ESBAPP1D ~]$ id tghosh
uid=1005(tghosh) gid=1005(mqbrkrs) groups=1005(mqbrkrs),1007(esbdev)
|
| Code: |
[tghosh@XXXXX-ESBAPP1D ~]$ mqsilist
BIP1285I: Integration node 'NEWNODE01' on queue manager 'NEWQMGR01' is stopped.
BIP2164E: An error occurred while opening registry file ''/nfsesb/ibmace/mqsi/registry/NFSNODE01/CurrentVersion/FADLevel'' to read it : 'Permission denied'.
The program cannot proceed, because it cannot read the value in the registry for this key.
Contact your IBM App Connect Enterprise administrator.
BIP8081E: An error occurred while processing the command.
|
| Code: |
[tghosh@XXXXX-ESBAPP1D ~]$ cd /nfsesb/ibmace/mqsi
[tghosh@XXXXX-ESBAPP1D mqsi]$ ls -la
total 0
drwxrwx---. 7 mqm mqbrkrs 86 Apr 27 14:25 .
drwxrwxr-x. 3 mqm mqm 18 Apr 26 15:35 ..
drwxrwx---. 4 mqm mqm 43 Apr 27 14:25 common
drwxrwx---. 3 mqm mqbrkrs 23 Apr 26 16:30 components
drwxrwx---. 3 mqm mqm 23 Apr 27 14:25 config
drwxrwx---. 3 mqm mqm 22 Apr 27 14:25 connectors
drwxrwx---. 3 mqm mqbrkrs 23 Apr 26 16:30 registry
[tghosh@XXXXX-ESBAPP1D mqsi]$ cd registry
[tghosh@XXXXX-ESBAPP1D registry]$ ls -la
total 0
drwxrwx---. 3 mqm mqbrkrs 23 Apr 26 16:30 .
drwxrwx---. 7 mqm mqbrkrs 86 Apr 27 14:25 ..
drwxrwx---. 3 mqm mqm 28 Apr 26 16:30 NFSNODE01
[tghosh@XXXXX-ESBAPP1D registry]$
|
|
|
| Back to top |
|
 |
| abhi_thri |
| Posted: Sat May 01, 2021 12:21 am Post subject: |
|
|
Knight
Joined: 17 Jul 2017
Posts: 516
Location: UK
|
hi...as you've noticed the 'mqm:mqm' on broker folders sounds a bit odd, usually the owner is either 'root' or '<brokeradmin>' depending on which user was used to install IIB and the group should be 'mqbrkrs'.
You could try changing the group to 'mqbrkrs' for all sub-folders under 'mqsi', restart the node and see |
|
| Back to top |
|
|
| ghoshly |
| Posted: Mon May 03, 2021 8:07 am Post subject: |
|
|
Partisan
Joined: 10 Jan 2008
Posts: 333
|
I could manually update file and folder ownership and that way, users with mqbrkrs group could run basic mqsi commands.
I hope this doesn't land into other kind of issues later. |
|
| Back to top |
|
|
|
|
|
| |
|
Page 1 of 1 |
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
|
|
