-----Original Message-----
From: Adiraju, Rao [mailto:[EMAIL PROTECTED]
Sent: Sunday, April 04, 2004 5:51 PM
To: [EMAIL PROTECTED]
Subject: MQ Security data in SYSTEM.AUTH.DATA.QUEUE
I am trying to analyse the entries in the above queue on SOLARIS platform with MQ V5.3 CSD6.
What I am noticing is when I create an object such as local queue, MQ by default, is generating two authorisation entries - one for "mqm" group and another for one of my other group-ids but not all the groups that I belong to.
On this particular box my user-id is connected to three groups - mqm, group1, group2. Whereas MQ is creating authorisation entries for mqm and group1 but NOT group2.
Whereas if I do "sudo su - mqm" and create an object, then I can see only one authorisation entry for "mqm" group.
Similarly when a Solaris administrator logs on as "root" and creates objects, I see only two entries - one for "mqm" and another for "other". Even here the "root" is associated with more than these two groups.
Looks like it is always generating TWO entries - one for "mqm" and another for one of the associated groups (but not all and in what order it selects - beats me).
Appreciate if anybody can throw some light on how it works.
Is the behaviour the same on Windows platform (I am still analysing it but at the outset it doesn't look the same)?
And also appreciate any advice on how to clean up all other entries barring "mqm" group. I am thinking of unloading these entries into a txt file, deleting unwanted entries and loading back. Then the plan is to grant controlled access to the users.
Cheers
Rao
Thank you.
Rao,
Use the "id" command to display your currently set active group. This should be the group that is used to make the second entry. Try doing a "newgrp" to change your active group before creating the queue and see if it makes the second entry in the newly selected group. If you "newgrp mqm" there should be no second entry.
If you create your queues from script files, you cannot simply add a "newgrp mqm" command to the file. Doing a newgrp always results in a new shell that ignores the rest of the script. If anyone knows of a syntax that allows execution of newgrp from within a script, please let me know!
-- T.Rob
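An added example, not part of the original thread: a shell guard that checks the active group before running object definitions, so that no authorisation entry is created for an unintended group. It assumes `newgrp` is an external command whose new shell reads commands from standard input (so a here-document can feed it); the function names, queue manager name and MQSC file are hypothetical, and the `id` lines in the comments are constructed samples.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Extract the active (primary) group name from an `id` output line, e.g.
# "uid=1001(rao) gid=100(group1) groups=..." prints "group1".
active_group_from_id() {
    printf '%s\n' "$1" | sed -n 's/^.* gid=[0-9]*(\([^)]*\)).*$/\1/p'
}

# Decide what a creation script must do for an `id` line and a required group:
#   ok     - required group is already the active group
#   switch - user belongs to the group, but it is not the active one
#   deny   - user is not a member of the required group
group_action() {
    id_line=$1
    want=$2
    [ "$(active_group_from_id "$id_line")" = "$want" ] && { echo ok; return; }
    case "$id_line" in
        *"groups="*"($want)"*) echo switch ;;
        *)                     echo deny ;;
    esac
}

# Run an MQSC definitions file with the required active group (default mqm).
# Assumption: newgrp starts a shell that reads the here-document on stdin.
create_objects() {
    qmgr=$1
    mqsc=$2
    want=${3:-mqm}
    case "$(group_action "$(id -a)" "$want")" in
        ok)
            runmqsc "$qmgr" < "$mqsc" ;;
        switch)
            # Variables are expanded here, before the new shell starts.
            newgrp "$want" <<EOF
runmqsc "$qmgr" < "$mqsc"
EOF
            ;;
        *)
            echo "refusing: active user is not in group $want" >&2
            return 1 ;;
    esac
}
```

Called as `create_objects QM1 defs.mqsc` (both names hypothetical), it refuses to run for a user such as the "root" case described above unless that user is a member of mqm.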