ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » General IBM MQ Support » World Writable File in MQ Directory. URGENT!

Post new topic  Reply to topic
 World Writable File in MQ Directory. URGENT! « View previous topic :: View next topic » 
Author Message
syangloo
PostPosted: Thu Jun 05, 2003 7:51 pm    Post subject: World Writable File in MQ Directory. URGENT! Reply with quote

Centurion

Joined: 01 Oct 2002
Posts: 120
Location: Kuala Lumpur
Dear All,

Currently i have the security issue for the world writable file in the UNIX and Sun Solaris system. Below is the list with the world writable permission:


    Permission Owner Group File Name
    -rw-rw-rw- 1 mqm mqm 16388 Apr 28 16:24 /var/mqm/errors/AMQERR01.LOG
    -rw-rw-rw- 1 mqm mqm 0 Apr 21 14:31 /var/mqm/errors/AMQERR02.LOG
    -rw-rw-rw- 1 mqm mqm 0 Apr 21 14:31 /var/mqm/errors/AMQERR03.LOG
    -rw-rw-rw- 1 mqm mqm 170936 May 30 16:18 /var/mqm/qmgrs/@SYSTEM/errors/AMQERR01.LOG
    -rw-rw-rw- 1 mqm mqm 256005 Apr 25 7:27 /var/mqm/qmgrs/@SYSTEM/errors/AMQERR02.LOG
    -rw-rw-rw- 1 mqm mqm 0 Apr 21 0:54 /var/mqm/qmgrs/@SYSTEM/errors/AMQERR03.LOG
    -rw-rw-rw- 1 mqm mqm 0 May 29 19:10 /var/mqm/qmgrs/@SYSTEM/shmem/SUBPOOL.000
    -rw-rw-rw- 1 mqm mqm 0 May 29 19:10 /var/mqm/qmgrs/@SYSTEM/shmem/xls.000
    -rw-rw-rw- 1 mqm mqm 0 May 29 19:10 /var/mqm/qmgrs/@SYSTEM/shmem/xls.001
    -rw-rw-rw- 1 mqm mqm 0 May 29 19:10 /var/mqm/qmgrs/QM!CCM!KL!001/@ipcc/shmem/AMQRFNCA.000
    -rw-rw-rw- 1 mqm mqm 0 May 29 19:10 /var/mqm/qmgrs/QM!CCM!KL!001/@ipcc/shmem/AMQRSTAT.000
    -rw-rw-rw- 1 mqm mqm 0 May 29 19:10 /var/mqm/qmgrs/QM!CCM!KL!001/@ipcc/shmem/Anon001.000
    -rw-rw-rw- 1 mqm mqm 0 May 29 19:10 /var/mqm/qmgrs/QM!CCM!KL!001/@ipcc/shmem/DMEMSET.000
    -rw-rw-rw- 1 mqm mqm 0 May 29 19:10 /var/mqm/qmgrs/QM!CCM!KL!001/@ipcc/shmem/IPCCPSet.000
    -rw-rw-rw- 1 mqm mqm 0 May 29 19:10 /var/mqm/qmgrs/QM!CCM!KL!001/@ipcc/shmem/PCSVRMEM.000
    -rw-rw-rw- 1 mqm mqm 0 May 29 19:10 /var/mqm/qmgrs/QM!CCM!KL!001/@ipcc/shmem/PCSVRSEM.000
    -rw-rw-rw- 1 mqm mqm 0 May 29 19:10 /var/mqm/qmgrs/QM!CCM!KL!001/@ipcc/shmem/PLUGSET.000
    -rw-rw-rw- 1 mqm mqm 0 May 29 19:10 /var/mqm/qmgrs/QM!CCM!KL!001/@ipcc/shmem/PLUGSET.001
    -rw-rw-rw- 1 mqm mqm 0 May 29 19:10 /var/mqm/qmgrs/QM!CCM!KL!001/@ipcc/shmem/SUBPOOL.000
    -rw-rw-rw- 1 mqm mqm 0 May 29 19:10 /var/mqm/qmgrs/QM!CCM!KL!001/@ipcc/shmem/SUBPOOL.001
    -rw-rw-rw- 1 mqm mqm 0 May 29 19:10 /var/mqm/qmgrs/QM!CCM!KL!001/@ipcc/shmem/WLMset.000
    -rw-rw-rw- 1 mqm mqm 0 May 29 19:10 /var/mqm/qmgrs/QM!CCM!KL!001/@ipcc/shmem/xls.000
    -rw-rw-rw- 1 mqm mqm 0 May 29 19:10 /var/mqm/qmgrs/QM!CCM!KL!001/@ipcc/shmem/xls.001
    -rw-rw-rw- 1 mqm mqm 47577 May 30 15:27 /var/mqm/qmgrs/QM!CCM!KL!001/errors/AMQERR01.LOG
    -rw-rw-rw- 1 mqm mqm 0 Apr 21 0:38 /var/mqm/qmgrs/QM!CCM!KL!001/errors/AMQERR02.LOG
    -rw-rw-rw- 1 mqm mqm 0 Apr 21 0:38 /var/mqm/qmgrs/QM!CCM!KL!001/errors/AMQERR03.LOG
    -rw-rw-rw- 1 mqm mqm 0 May 8 14:14 /var/mqm/qmgrs/QM!CCM!KL!003/@ipcc/shmem/AMQRFNCA.000
    -rw-rw-rw- 1 mqm mqm 0 May 8 14:14 /var/mqm/qmgrs/QM!CCM!KL!003/@ipcc/shmem/AMQRSTAT.000
    -rw-rw-rw- 1 mqm mqm 0 May 8 14:14 /var/mqm/qmgrs/QM!CCM!KL!003/@ipcc/shmem/Anon001.000
    -rw-rw-rw- 1 mqm mqm 0 May 8 14:14 /var/mqm/qmgrs/QM!CCM!KL!003/@ipcc/shmem/DMEMSET.000
    -rw-rw-rw- 1 mqm mqm 0 May 8 14:14 /var/mqm/qmgrs/QM!CCM!KL!003/@ipcc/shmem/IPCCPSet.000
    -rw-rw-rw- 1 mqm mqm 0 May 8 14:14 /var/mqm/qmgrs/QM!CCM!KL!003/@ipcc/shmem/PCSVRMEM.000
    -rw-rw-rw- 1 mqm mqm 0 May 8 14:14 /var/mqm/qmgrs/QM!CCM!KL!003/@ipcc/shmem/PCSVRSEM.000
    -rw-rw-rw- 1 mqm mqm 0 May 8 14:14 /var/mqm/qmgrs/QM!CCM!KL!003/@ipcc/shmem/PLUGSET.000
    -rw-rw-rw- 1 mqm mqm 0 May 8 14:14 /var/mqm/qmgrs/QM!CCM!KL!003/@ipcc/shmem/PLUGSET.001
    -rw-rw-rw- 1 mqm mqm 0 May 8 14:14 /var/mqm/qmgrs/QM!CCM!KL!003/@ipcc/shmem/SUBPOOL.000
    -rw-rw-rw- 1 mqm mqm 0 May 8 14:14 /var/mqm/qmgrs/QM!CCM!KL!003/@ipcc/shmem/SUBPOOL.001
    -rw-rw-rw- 1 mqm mqm 0 May 8 14:14 /var/mqm/qmgrs/QM!CCM!KL!003/@ipcc/shmem/WLMset.000
    -rw-rw-rw- 1 mqm mqm 0 May 8 14:14 /var/mqm/qmgrs/QM!CCM!KL!003/@ipcc/shmem/xls.000
    -rw-rw-rw- 1 mqm mqm 0 May 8 14:14 /var/mqm/qmgrs/QM!CCM!KL!003/@ipcc/shmem/xls.001
    -rw-rw-rw- 1 mqm mqm 58051 May 12 11:55 /var/mqm/qmgrs/QM!CCM!KL!003/errors/AMQERR01.LOG
    -rw-rw-rw- 1 mqm mqm 0 Apr 21 0:38 /var/mqm/qmgrs/QM!CCM!KL!003/errors/AMQERR02.LOG
    -rw-rw-rw- 1 mqm mqm 0 Apr 21 0:38 /var/mqm/qmgrs/QM!CCM!KL!003/errors/AMQERR03.LOG


Can i world writable from above file except the Log file?
OR
Where can i get the supporting document for above file should be world writable file and not be changing the permission?

Regards
Syang
Back to top
View user's profile Send private message Yahoo Messenger MSN Messenger
syangloo
PostPosted: Sun Jun 08, 2003 4:23 pm    Post subject: Reply with quote

Centurion

Joined: 01 Oct 2002
Posts: 120
Location: Kuala Lumpur
Thanks,

Currently i remain those file permission to same. I get some info about this world writable file from IBM website, but more of it mention the folder permission only.

Hopefully some one can explain to me more clear for other file permission. (other then the log files)

Regards
Syang
Back to top
View user's profile Send private message Yahoo Messenger MSN Messenger
bduncan
PostPosted: Mon Jun 09, 2003 11:54 am    Post subject: Reply with quote

Padawan

Joined: 11 Apr 2001
Posts: 1554
Location: Silicon Valley
The other files appear to be semaphore locks/shared memory stuff, and on some file systems, like Linux, MQ stores these in the /tmp directory, also with world writeable permissions. These are just temporary files which stick around for the duration of an application being connected to the queue manager if I recall...
_________________
Brandon Duncan
IBM Certified MQSeries Specialist
MQSeries.net forum moderator
Back to top
View user's profile Send private message Visit poster's website AIM Address
syangloo
PostPosted: Mon Jun 09, 2003 4:25 pm    Post subject: Reply with quote

Centurion

Joined: 01 Oct 2002
Posts: 120
Location: Kuala Lumpur
That mean, those files will remove by the system after the application disconnect to the queue manager?

Any manual listed any info related to this issue?

Regards
Syang
Back to top
View user's profile Send private message Yahoo Messenger MSN Messenger
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » General IBM MQ Support » World Writable File in MQ Directory. URGENT!
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.