Hello All: I installed the latest CSD (CSD05) in a hope it would solve effective UID program. But instead things became worse. Now I cannot even create a queue manager in a regular way, *under mqm account*. Here is what I am getting:
-----cut here------
$ id
uid=1091104(mqm) gid=7232(mqm)
$ crtmqm TESTQM
The system could not load the module '/opt/mqm/lib/amqzfu' for the installable
service 'AuthorizationService' component 'MQSeries.UNIX.auth.service'. The
system return code was 536895861. The Queue Manager is continuing without this
component.
MQSeries queue manager created.
Setup completed.
AMQ5615: Default objects cannot be created: CompCode = 2 Reason = 2035.
$
-----cut here------
Before applying CSDs everything worked fine. Please advice. Paul, Andy?
Pavel
----- Forwarded by Pavel Tolkachev/NewYork/DBNA/DeuBa on 09/05/2002 06:45 PM -----
Pavel Tolkachev
To:
09/05/2002 09:48 [EMAIL PROTECTED]
AM cc:
bcc:
Subject: Effective user id for
permissions and CSD03 on Solaris 8
Hello all,
I remember something similar was discussed before but I cannot find in archives :-(.
The problem is:
I use setuid scripts wrapping around MQSeries control commands to let non-mqm users
fully administrate only their respective queue managers. For example, for runmqsc
----cut here myrunmqsc----
#!/usr/bin/ksh
unset LD_PRELOAD LD_LIBRARY_PATH
export path=/usr/bin:/opt/mqm/bin
...
# check arguments to ensure user tries to use only his queue manager
...
runmqsc $*
----cut here myrunmqsc----
It works fine on my test Solaris 8 system with MQSeries 5.2 with no CSD. However, it
does not work on client's machine where CSD03 seems to be installed (I am judjing by
/opt/mqm/READMES/en_US/memo.ptf). For example, mycrtmqm creates a queue manager but
cannot create all default objects. runmqsc runs but does not give any permissions to
the objects etc. FDC reads "unable to display an error message 7F3" (which is 2035 --
MQRC_NOT_AUTORIZED) or AMQ9508: Program cannot connect to the queue manager ... 2063
.. MQRC_SECURITY_ERROR
Now, in all FDCs UserID field shows my *real user id*, not mqm or root for crtmqm
(which must be an effective user id -- I ensured that by adding
'id' command in my setuid scripts). However, in the list of APARs fixed in CSD03 there
is an IY23957 which says:
IY23957 - MQSeries used the real UID to determine permissions
when it should have been using the effective UID.
It looks quite opposite: before any CSDs it works but after CSD03 (maybe earlier) it
doesn't. it was broken and it was *not* fixed in CSD03. Again, I remember something
similar discussed in the list before but cannot find it.
Please -- does anybody have any clues -- is my guess correct, and what can be the cure?
Thank you,
Pavel
(Embedded image moved to file: pic03930.pcx)
--
This e-mail may contain confidential and/or privileged information. If you are not the
intended recipient (or have received this e-mail in error) please notify the sender
immediately and destroy this e-mail. Any unauthorized copying, disclosure or
distribution of the material in this e-mail is strictly forbidden.
pic03930.pcx
Description: Binary data
