Hello all,
I remember something similar was discussed before but I cannot find in archives :-(.
The problem is:
I use setuid scripts wrapping around MQSeries control commands to let non-mqm users
fully administrate only their respective queue managers. For example, for runmqsc
----cut here myrunmqsc----
#!/usr/bin/ksh
unset LD_PRELOAD LD_LIBRARY_PATH
export path=/usr/bin:/opt/mqm/bin
...
# check arguments to ensure user tries to use only his queue manager
...
runmqsc $*
----cut here myrunmqsc----
It works fine on my test Solaris 8 system with MQSeries 5.2 with no CSD. However, it
does not work on client's machine where CSD03 seems to be installed (I am judjing by
/opt/mqm/READMES/en_US/memo.ptf). For example, mycrtmqm creates a queue manager but
cannot create all default objects. runmqsc runs but does not give any permissions to
the objects etc. FDC reads "unable to display an error message 7F3" (which is 2035 --
MQRC_NOT_AUTORIZED) or AMQ9508: Program cannot connect to the queue manager ... 2063
.. MQRC_SECURITY_ERROR
Now, in all FDCs UserID field shows my *real user id*, not mqm or root for crtmqm
(which must be an effective user id -- I ensured that by adding
'id' command in my setuid scripts). However, in the list of APARs fixed in CSD03 there
is an IY23957 which says:
IY23957 - MQSeries used the real UID to determine permissions
when it should have been using the effective UID.
It looks quite opposite: before any CSDs it works but after CSD03 (maybe earlier) it
doesn't. it was broken and it was *not* fixed in CSD03. Again, I remember something
similar discussed in the list before but cannot find it.
Please -- does anybody have any clues -- is my guess correct, and what can be the cure?
Thank you,
Pavel
--
This e-mail may contain confidential and/or privileged information. If you are not the
intended recipient (or have received this e-mail in error) please notify the sender
immediately and destroy this e-mail. Any unauthorized copying, disclosure or
distribution of the material in this e-mail is strictly forbidden.
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://vm.akh-wien.ac.at/MQSeries.archive
