I thought you said your MQ server binded to port 80?
"Wyatt, T. Rob"
<[EMAIL PROTECTED] To: [EMAIL PROTECTED]
MERICA.COM> cc:
Sent by: MQSeries Subject: Re: mqm group
List
<[EMAIL PROTECTED]
C.AT>
10/01/2003 10:39 AM
Please respond to
MQSeries List
Doesn't the web server bind to port 80 for HTTP?
-----Original Message-----
From: Rick Tsujimoto [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 01, 2003 9:21 AM
To: [EMAIL PROTECTED]
Subject: Re: mqm group
T. Rob,
Why bind to a port below 1024?
"Wyatt, T. Rob"
<[EMAIL PROTECTED] To:
[EMAIL PROTECTED]
MERICA.COM> cc:
Sent by: MQSeries Subject: Re: mqm group
List
<[EMAIL PROTECTED]
C.AT>
10/01/2003 07:43 AM
Please respond to
MQSeries List
Navin,
When I was installing AppWatch on our Solaris server I discovered that I
couldn't start the web server as mqm. Seems you need root privileges to
bind to any port below 1024. Our sysadmin created a Power Broker profile
that allows me to start the server as mqm *and* bind to port 80. We happen
to have Power Broker but this could have been accomplished using any of
several tools, including those that are built in to the OS.
If your sysadmin needs convincing, you could write a script that puts root
in the mqm group. Don't actually run it, just show it to him and explain
that, with Web Logic running as root, you could execute this script (or any
other) with Web Logic's root privileges and gain complete control of the
server. Then if he's still not convinced, run the script under Web Logic.
within a day or two, you'll have the server running under it's own group.
--- T.Rob
-----Original Message-----
From: Navin Vali [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 01, 2003 6:27 AM
To: [EMAIL PROTECTED]
Subject: Re: mqm group
Hi Hubert ,
Thanks for the response.
Yes the logical thing to do is to create a weblogic user to start and
stop weblogic and this user could be setmqaut , thus can talk to
queue manager. But our system admin was insisting to give weblogic
start stop rights to only root, and root is not part of mqm .
We are in the process of convincing the sys admin to implement the
setup you suggested.
Thanks anyway for the suggestion,
cheers
Navin
Please respond to MQSeries List <[EMAIL PROTECTED]>
Sent by: MQSeries List <[EMAIL PROTECTED]>
To: MQSERIES
cc:
bcc:
Subject: Re: mqm group
Navin,
why do you run Weblogic as root? I would create a new user and group
(lets
say 'weblogic' for both) an run Weblogic using this ID. Set then the
MQ
permissions using setmqaut for the group 'weblogic'.
Remember, setting permissions using setmqaut for a user on unix sets
them
for the primary group. So I always use the command:
setmqaut -m YourQMGR -t qmgr -g YourGroup +connect +inq +dsp
Regards
Hubert
-----Ursprüngliche Nachricht-----
Von: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
Gesendet: Dienstag, 30. September 2003 19:57
An: [EMAIL PROTECTED]
Betreff: Réf. : Re: mqm group
Hello,
Why dont you use the setmqaut command to give the qmgr authorizations
you
want,
for example:
setmqaut -m YourQMGR -t qmgr -p root +connect +inq +dsp
and use the same command for the queue authorization you want.
Michel Jalette, CGI.
Pavel Tolkachev <[EMAIL PROTECTED]>@AKH-Wien.AC.AT> on
2003-09-30
13:08:17
Veuillez répondre à MQSeries List <[EMAIL PROTECTED]>
Envoyé par : MQSeries List <[EMAIL PROTECTED]>
Pour : [EMAIL PROTECTED]
cc :
Objet : Re: mqm group
Hi Navin,
It depends on your policies, but if you could get sudo for something
like a
2-line script, you could use 'newgrp mqm' as its first command, (the
2nd
line would run the
thing you need). Then the process would be run under root:mqm even
though
root would not be in a mqm group on a permanent basis.
Hope this will help,
Pavel
Navin Vali
<[EMAIL PROTECTED] To:
[EMAIL PROTECTED]
IRWAYS.COM> cc:
Sent by: MQSeries Subject: mqm group
List
<[EMAIL PROTECTED]
C.AT>
09/30/2003 12:39 PM
Please respond to
MQSeries List
Hi All ,
The problem is, we are starting the communication server on Weblogic
using
the sudo command.
The sudo command will start Weblogic as the "root" user.
All the processes created by this Weblogic instance will be owned by
root.
WL server tries to connect to MQ Queues as the "root" user. However
the root
user is not part of the mqm group and so MQ returns authentication
failure.
We requested to add root to the mqm group but they security folks
have
refused permission to add root to mqm group due to security and other
issues.
Now is there any way we can resolve this issue? Starting and stopping
of
weblogic rights can only be given to root and root cannot be part of
mqm.
Although we have a
mqadmin user which is part of mqm. Is there a way that we can start
weblogic
using root but when its up it runs as mqadmin?
Any help will be highly appreciated.
Thanks in Advance
Navin
----------------------------------------------------------------------------
---------------------
Get the best from British Airways at ba.com
http://www.ba.com
--
This e-mail may contain confidential and/or privileged information.
If you
are not the intended recipient (or have received this e-mail in
error)
please notify the sender
immediately and destroy this e-mail. Any unauthorized copying,
disclosure or
distribution of the material in this e-mail is strictly forbidden.
Instructions for managing your mailing list subscription are provided
in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://vm.akh-wien.ac.at/MQSeries.archive
Instructions for managing your mailing list subscription are provided
in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://vm.akh-wien.ac.at/MQSeries.archive
Instructions for managing your mailing list subscription are provided
in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://vm.akh-wien.ac.at/MQSeries.archive
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://vm.akh-wien.ac.at/MQSeries.archive
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://vm.akh-wien.ac.at/MQSeries.archive
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://vm.akh-wien.ac.at/MQSeries.archive
