Re: Trigger Monitors
Don't know, I am asking this: Can't you start the TM under another ID in the first place, like this? /usr/bin/su - mqappid -c "/opt/mqm/bin/runmqtrm -m MYQMname -q APP.INIT.QUEUE" & Wouldn't this cause the TM to run as mqappid, and then any process it started would also run as mqappid? -Original Message- From: Miller, Dennis [mailto:[EMAIL PROTECTED] Sent: Friday, July 09, 2004 6:21 PM To: [EMAIL PROTECTED] Subject: Re: Trigger Monitors I think it's not so much the trigger monitor runs under MQM as that the triggered applications also inherit that userid. Since the mqadmin can tightly control what programs the trigger monitor can run, you might consider a scheme where the trigger monitor runs shell scripts that SU to a more appropriate userid before getting on with business logic. Regards, Dennis -Original Message- From: Smith, Gregory [mailto:[EMAIL PROTECTED] Sent: Friday, July 09, 2004 11:47 AM To: [EMAIL PROTECTED] Subject: Trigger Monitors I'm posting this here for discussion and will likely open a PMR with IBM to get their perspective. In the UNIX realm for a while we have discussed the fact we are not comfortable triggering an application and having it run as mqm with full mqm privileges. We would prefer and are considering having multiple trigger monitors each running under a unique application group id. Naturally out of the box the trigger monitors attributes are set to force the monitor to run as mqm as the example below shows: lx03-cluster:#> ls -al /opt/mqm/bin/run* -r-sr-s---1 mqm mqm 18328 Feb 11 16:09 /opt/mqm/bin/runmqtmc #1 - Is anyone aware of a technical reason for this? We are considering two approaches to this a) Placing a copy of the executable in each application groups home directory. The down side to this is we could have many versions that we as admins would have to keep track of whenever we apply maintenance to the software. b) Modifying the attributes of the source -r-xr-x---1 mqm mqapp 18328 Feb 11 16:09 /opt/mqm/bin/runmqtmc but again we would need to keep note of this whenever we apply maintenance to the software however this would be the lesser of the two evils. c) are there other options?? Thanks for your input in advance! Gregory P. Smith Pioneer, A DuPont Company E-Mail: No SPAM:[EMAIL PROTECTED] Phone: 515-253-2468 This communication is for use by the intended recipient and contains information that may be privileged, confidential or copyrighted under applicable law. If you are not the intended recipient, you are hereby formally notified that any use, copying or distribution of this e-mail, in whole or in part, is strictly prohibited. Please notify the sender by return e-mail and delete this e-mail from your system. Unless explicitly and conspicuously designated as "E-Contract Intended", this e-mail does not constitute a contract offer, a contract amendment, or an acceptance of a contract offer. This e-mail does not constitute a consent to the use of sender's contact information for direct marketing purposes or for transfers of data to third parties. Francais Deutsch Italiano Espanol Portugues Japanese Chinese Korean http://www.DuPont.com/corp/email_disclaimer.html Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive This communication, including attachments, is for the exclusive use of addressee and may contain proprietary, confidential or privileged information. If you are not the intended recipient, any use, copying, disclosure, dissemination or distribution is strictly prohibited. If you are not the intended recipient, please notify the sender immediately by return email and delete this communication and destroy all copies. Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive
Re: Trigger Monitors
I think it's not so much the trigger monitor runs under MQM as that the triggered applications also inherit that userid. Since the mqadmin can tightly control what programs the trigger monitor can run, you might consider a scheme where the trigger monitor runs shell scripts that SU to a more appropriate userid before getting on with business logic. Regards, Dennis -Original Message- From: Smith, Gregory [mailto:[EMAIL PROTECTED] Sent: Friday, July 09, 2004 11:47 AM To: [EMAIL PROTECTED] Subject: Trigger Monitors I'm posting this here for discussion and will likely open a PMR with IBM to get their perspective. In the UNIX realm for a while we have discussed the fact we are not comfortable triggering an application and having it run as mqm with full mqm privileges. We would prefer and are considering having multiple trigger monitors each running under a unique application group id. Naturally out of the box the trigger monitors attributes are set to force the monitor to run as mqm as the example below shows: lx03-cluster:#> ls -al /opt/mqm/bin/run* -r-sr-s---1 mqm mqm 18328 Feb 11 16:09 /opt/mqm/bin/runmqtmc #1 - Is anyone aware of a technical reason for this? We are considering two approaches to this a) Placing a copy of the executable in each application groups home directory. The down side to this is we could have many versions that we as admins would have to keep track of whenever we apply maintenance to the software. b) Modifying the attributes of the source -r-xr-x---1 mqm mqapp 18328 Feb 11 16:09 /opt/mqm/bin/runmqtmc but again we would need to keep note of this whenever we apply maintenance to the software however this would be the lesser of the two evils. c) are there other options?? Thanks for your input in advance! Gregory P. Smith Pioneer, A DuPont Company E-Mail: No SPAM:[EMAIL PROTECTED] Phone: 515-253-2468 This communication is for use by the intended recipient and contains information that may be privileged, confidential or copyrighted under applicable law. If you are not the intended recipient, you are hereby formally notified that any use, copying or distribution of this e-mail, in whole or in part, is strictly prohibited. Please notify the sender by return e-mail and delete this e-mail from your system. Unless explicitly and conspicuously designated as "E-Contract Intended", this e-mail does not constitute a contract offer, a contract amendment, or an acceptance of a contract offer. This e-mail does not constitute a consent to the use of sender's contact information for direct marketing purposes or for transfers of data to third parties. Francais Deutsch Italiano Espanol Portugues Japanese Chinese Korean http://www.DuPont.com/corp/email_disclaimer.html Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive
MQRC_BACKOUT
We have a JAVA program using the java client libraries. The code uses a SVRCONN channel. The java code is sent some java objects and it serialized then and puts them into an object list. When it executes the 'message.writeobject', an exception is thrown. Basically 2003 - MQRC_BACKOUT. Our understanding is the message is being built and not using the SVRCONN channel to do anything since a put message has not been called yet. Granted, we are placing 500+ serialized objects in the object list but now sure where a log is being used to cause the BACKOUT error. I suspect the queue manager log is not being used since it has linear logs and 10,000 uncommited messages set. We are trying to create a single message, the MAXMSGL parameters are 100MB but if the SVRCONN channel and the queue manager is not being used yet, this does not seem to be relavent. Does the java client have its own internal log that can fill up with a long running unit of work? Any thoughts would be appreciated. Jeff Tressler Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive
Re: Trigger Monitors
Gregory, There are others who do run the trigger monitor under a userid other than root. I have an old posting that discusses this (see below). As for your questions: 1. Ask IBM. It's their product and they would know what the original thought was behind using mqm. 2. See posting below (and others on the list will probably have other ideas as well). To: [EMAIL PROTECTED] cc:(bcc: Richard Tsujimoto/CHASE) From: Brian Shelden <[EMAIL PROTECTED]> Date: 02/05/98 02:44:51 PM GMT Subject:Re: Unix Trigger Monitor >On Unix, triggered processes run under the same ID that the trigger monitor is >started with. This will be a problem at our shop, particularly with processes >that will connect to Oracle (just about all of them). Our DBAs will insist on >some way to differentiate Oracle threads. > >So... I'm thinking about changing the sample trigger monitor source >(amqstrg0.c). I thought I could place the ID to be used in the envrdata >attribute of the process definition. Then, instead of the monitor starting the >command by using system(), I would use: >system(su - "-c ") >This ought to work as long as the monitor is started as root. I don't know about the envrdata issue. However, you might want to rethink running the trigger monitor as root. If all you're trying to do is get a program to run as a particular user, why not set the application to run setuid? a) it's really easy (chmod u+s ) b) you don't need to change the trigger monitor nor your application, and c) running the trigger monitor as root exposes some serious security holes in your system. There are other ways to do this, too. But in it general, it's a bad idea to run anything as root that doesn't need it--especially a program whose job it is to run other programs. --Brian T. SheldenCertified MQSeries Specialist [EMAIL PROTECTED] IBM Global Services (914) 759-2348 (T/L 248) Sterling Forest, NY 10979 "Smith, Gregory" <[EMAIL PROTECTED] ONEER.COM> To Sent by: MQSeries [EMAIL PROTECTED] List cc <[EMAIL PROTECTED] n.AC.AT> Subject Trigger Monitors 07/09/2004 02:47 PM Please respond to MQSeries List <[EMAIL PROTECTED] n.AC.AT> I'm posting this here for discussion and will likely open a PMR with IBM to get their perspective. In the UNIX realm for a while we have discussed the fact we are not comfortable triggering an application and having it run as mqm with full mqm privileges. We would prefer and are considering having multiple trigger monitors each running under a unique application group id. Naturally out of the box the trigger monitors attributes are set to force the monitor to run as mqm as the example below shows: lx03-cluster:#> ls -al /opt/mqm/bin/run* -r-sr-s---1 mqm mqm 18328 Feb 11 16:09 /opt/mqm/bin/runmqtmc #1 - Is anyone aware of a technical reason for this? We are considering two approaches to this a) Placing a copy of the executable in each application groups home directory. The down side to this is we could have many versions that we as admins would have to keep track of whenever we apply maintenance to the software. b) Modifying the attributes of the source -r-xr-x---1 mqm mqapp 18328 Feb 11 16:09 /opt/mqm/bin/runmqtmc but again we would need to keep note of this whenever we apply maintenance to the software however this would be the lesser of the two evils. c) are there other options?? Thanks for your input in advance! Gregory P. Smith Pioneer, A DuPont Company E-Mail: No SPAM:[EMAIL PROTECTED] Phone: 515-253-2468 This communication is for use by the intended recipient and contains information that may be privileged, confidential or copyrighted under applicable law. If you are not the intended recipient, you are hereby formally notified that any use, copying or distribution of this e-mail, in whole or in part, is strictly prohibited. Please notify the sender by return e-mail and delete this e-mail from your system. Unless explicitly and conspicuously designated as "E-Contract Intended", this e-mail does not constitute a contract offer, a contract amendment, or an acceptance of a contract offer. This e-mail does not constitute a consent to the use of sender's contact information for direct marketing purposes or for transfers of data to third parties. Francais Deutsch Italiano Espanol Portugues Japanese Chinese Korean http://www.DuPont.com/corp/email_disclaimer.html Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at
Trigger Monitors
I'm posting this here for discussion and will likely open a PMR with IBM to get their perspective. In the UNIX realm for a while we have discussed the fact we are not comfortable triggering an application and having it run as mqm with full mqm privileges. We would prefer and are considering having multiple trigger monitors each running under a unique application group id. Naturally out of the box the trigger monitors attributes are set to force the monitor to run as mqm as the example below shows: lx03-cluster:#> ls -al /opt/mqm/bin/run* -r-sr-s---1 mqm mqm 18328 Feb 11 16:09 /opt/mqm/bin/runmqtmc #1 - Is anyone aware of a technical reason for this? We are considering two approaches to this a) Placing a copy of the executable in each application groups home directory. The down side to this is we could have many versions that we as admins would have to keep track of whenever we apply maintenance to the software. b) Modifying the attributes of the source -r-xr-x---1 mqm mqapp 18328 Feb 11 16:09 /opt/mqm/bin/runmqtmc but again we would need to keep note of this whenever we apply maintenance to the software however this would be the lesser of the two evils. c) are there other options?? Thanks for your input in advance! Gregory P. Smith Pioneer, A DuPont Company E-Mail: No SPAM:[EMAIL PROTECTED] Phone: 515-253-2468 This communication is for use by the intended recipient and contains information that may be privileged, confidential or copyrighted under applicable law. If you are not the intended recipient, you are hereby formally notified that any use, copying or distribution of this e-mail, in whole or in part, is strictly prohibited. Please notify the sender by return e-mail and delete this e-mail from your system. Unless explicitly and conspicuously designated as "E-Contract Intended", this e-mail does not constitute a contract offer, a contract amendment, or an acceptance of a contract offer. This e-mail does not constitute a consent to the use of sender's contact information for direct marketing purposes or for transfers of data to third parties. Francais Deutsch Italiano Espanol Portugues Japanese Chinese Korean http://www.DuPont.com/corp/email_disclaimer.html Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive
WBI MESSAGE BROKER REQUIREMENT - NETHERLANDS - 3 MONTHS[Scanned]
Hi Would anybody be interested in a three month initial contract in the Netherlands for a WBI MB V5 role. My client is looking for someone to build upto 20 interfaces from ALE Point to Point to WBI MB V5. If this is of interest and you are available soon please let me know. I am looking for two people. Regards, Paul Flynn European Staffing Solutions 0044 870 1 69 69 70 [EMAIL PROTECTED] -Original Message- From: MQSeries List [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: 08 July 2004 21:02 To: [EMAIL PROTECTED] Subject: Steve Goss/AGL/UK/AON is out of the office. I will be out of the office from 07/07/2004 until 13/07/2004. I will respond to your message when I return. If you have an ETL related issue please contact Neville Labadie. If you have an MQ related issue please contact Catherine Kelly. If you have an ePlatform related issue please conact Ken Walker. Disclosure of Material Facts Every Proposer or Insured / Reinsured when seeking new insurance / reinsurance or renewing an existing Policy must disclose any information which might influence the Insurer / Reinsurer in deciding whether or not to accept the risk, what the terms should be, or what premiums to charge. Failure to do so may render the insurance / reinsurance voidable from inception and enable the Insurer / Reinsurer to repudiate liability. This email, together with any attachments, is for the exclusive and confidential use of the addressee(s) and may contain legally privileged information. Any other distribution, use or reproduction without the sender's prior consent is unauthorised and strictly prohibited. If you have received this message in error, please notify the sender by email immediately and delete the message from your computer without making any copies. While attachments are virus checked, Aon Limited does not accept any liability in respect of any virus which is not detected. Aon Limited Company Number: 210725 Registered Address: 8 Devonshire Square, London, EC2M 4PL Aon Limited is a member of the General Insurance Standards Council (registration 2239) Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive
Re: WBIMB DOMAIN Missing
I found that trick tooo. But I didn't like it. So I copied off my \WBIMB\eclipse\workspace directory and deinstalled and reinstalled the Toolkit. What was nice is that the workspace was not deleted by the uninstall. When I brought up the toolkit after the reinstall all my flows, sets and files were there. (thanks to IBM's not so clean uninstall) BUT...the good news is it dropped the DOMAIN from where it was hiding it (I guess the registery). So now I was able to reconnect to the Config Mgr. When I posted the message I was wondering if anyone opened up a PMR and got IBM's fix on this. I was assuming it didn't entail uninstalling OR setting up a new server project. Thanks! bobbee From: Bhapinder Bagar <[EMAIL PROTECTED]> Reply-To: MQSeries List <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Re: WBIMB DOMAIN Missing Date: Thu, 8 Jul 2004 21:15:36 +0100 Although this is not the preferred solution, we created a new server project and that allowed us to connect back to the domain. Regards, Bhapinder "Robert Broderick" <[EMAIL PROTECTED]> Sent by: "MQSeries List" <[EMAIL PROTECTED]> 08-Jul-2004 20:44 Please respond to "MQSeries List" <[EMAIL PROTECTED]> To [EMAIL PROTECTED] cc Subject WBIMB DOMAIN Missing ALRIGHT!!! Who said they had the problem with the DOMAIN missing from the ADMIN Prospective. I think you gave me your virus! I bring up the Toolkit 5 min ago and the DOMAIN is G-O-N-E!!. I tried to recreate it and it sez it already exist!!! I am afraid I will have to delete the Toolkit from the Desktop. bobbee _ FREE pop-up blocking with the new MSN Toolbar get it now! http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/ Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive _ Check out the latest news, polls and tools in the MSN 2004 Election Guide! http://special.msn.com/msn/election2004.armx Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com Archive: http://vm.akh-wien.ac.at/MQSeries.archive
