Hello All: I installed the latest CSD (CSD05) in a hope it would solve effective UID program. But instead things became worse. Now I cannot even create a queue manager in a regular way, *under mqm account*. Here is what I am getting:
-----cut here------ $ id uid=1091104(mqm) gid=7232(mqm) $ crtmqm TESTQM The system could not load the module '/opt/mqm/lib/amqzfu' for the installable service 'AuthorizationService' component 'MQSeries.UNIX.auth.service'. The system return code was 536895861. The Queue Manager is continuing without this component. MQSeries queue manager created. Setup completed. AMQ5615: Default objects cannot be created: CompCode = 2 Reason = 2035. $ -----cut here------ Before applying CSDs everything worked fine. Please advice. Paul, Andy? Pavel ----- Forwarded by Pavel Tolkachev/NewYork/DBNA/DeuBa on 09/05/2002 06:45 PM ----- Pavel Tolkachev To: 09/05/2002 09:48 [EMAIL PROTECTED] AM cc: bcc: Subject: Effective user id for permissions and CSD03 on Solaris 8 Hello all, I remember something similar was discussed before but I cannot find in archives :-(. The problem is: I use setuid scripts wrapping around MQSeries control commands to let non-mqm users fully administrate only their respective queue managers. For example, for runmqsc ----cut here myrunmqsc---- #!/usr/bin/ksh unset LD_PRELOAD LD_LIBRARY_PATH export path=/usr/bin:/opt/mqm/bin ... # check arguments to ensure user tries to use only his queue manager ... runmqsc $* ----cut here myrunmqsc---- It works fine on my test Solaris 8 system with MQSeries 5.2 with no CSD. However, it does not work on client's machine where CSD03 seems to be installed (I am judjing by /opt/mqm/READMES/en_US/memo.ptf). For example, mycrtmqm creates a queue manager but cannot create all default objects. runmqsc runs but does not give any permissions to the objects etc. FDC reads "unable to display an error message 7F3" (which is 2035 -- MQRC_NOT_AUTORIZED) or AMQ9508: Program cannot connect to the queue manager ... 2063 .. MQRC_SECURITY_ERROR Now, in all FDCs UserID field shows my *real user id*, not mqm or root for crtmqm (which must be an effective user id -- I ensured that by adding 'id' command in my setuid scripts). However, in the list of APARs fixed in CSD03 there is an IY23957 which says: IY23957 - MQSeries used the real UID to determine permissions when it should have been using the effective UID. It looks quite opposite: before any CSDs it works but after CSD03 (maybe earlier) it doesn't. it was broken and it was *not* fixed in CSD03. Again, I remember something similar discussed in the list before but cannot find it. Please -- does anybody have any clues -- is my guess correct, and what can be the cure? Thank you, Pavel (Embedded image moved to file: pic03930.pcx) -- This e-mail may contain confidential and/or privileged information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.
pic03930.pcx
Description: Binary data