Hello all, I remember something similar was discussed before but I cannot find in archives :-(. The problem is:
I use setuid scripts wrapping around MQSeries control commands to let non-mqm users fully administrate only their respective queue managers. For example, for runmqsc ----cut here myrunmqsc---- #!/usr/bin/ksh unset LD_PRELOAD LD_LIBRARY_PATH export path=/usr/bin:/opt/mqm/bin ... # check arguments to ensure user tries to use only his queue manager ... runmqsc $* ----cut here myrunmqsc---- It works fine on my test Solaris 8 system with MQSeries 5.2 with no CSD. However, it does not work on client's machine where CSD03 seems to be installed (I am judjing by /opt/mqm/READMES/en_US/memo.ptf). For example, mycrtmqm creates a queue manager but cannot create all default objects. runmqsc runs but does not give any permissions to the objects etc. FDC reads "unable to display an error message 7F3" (which is 2035 -- MQRC_NOT_AUTORIZED) or AMQ9508: Program cannot connect to the queue manager ... 2063 .. MQRC_SECURITY_ERROR Now, in all FDCs UserID field shows my *real user id*, not mqm or root for crtmqm (which must be an effective user id -- I ensured that by adding 'id' command in my setuid scripts). However, in the list of APARs fixed in CSD03 there is an IY23957 which says: IY23957 - MQSeries used the real UID to determine permissions when it should have been using the effective UID. It looks quite opposite: before any CSDs it works but after CSD03 (maybe earlier) it doesn't. it was broken and it was *not* fixed in CSD03. Again, I remember something similar discussed in the list before but cannot find it. Please -- does anybody have any clues -- is my guess correct, and what can be the cure? Thank you, Pavel -- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden. Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive