ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » IBM MQ Installation/Configuration Support » Is it mandatory to create uid gid groups with same ID

Post new topic  Reply to topic
 Is it mandatory to create uid gid groups with same ID « View previous topic :: View next topic » 
Author Message
narayanarvr
PostPosted: Tue Aug 09, 2022 8:34 pm    Post subject: Is it mandatory to create uid gid groups with same ID Reply with quote

Voyager

Joined: 09 Oct 2012
Posts: 84

Hi Team,

Good day!

I have small doubt like is it mandatory to create uid gid groups with same numeric ID before installing MQ on Linux.

# id mqm
uid=501(mqm) gid=501(mqm) groups=501(mqm)

The reason I am asking is, I created with same numeric IDs but someone changed it, do I need to change IDs or do I need to create same ids and need to reinstall?

Please advise.
Back to top
View user's profile Send private message
exerk
PostPosted: Wed Aug 10, 2022 2:42 am    Post subject: Reply with quote

Jedi Council

Joined: 02 Nov 2006
Posts: 6339

Investigate who changed it, what exactly they changed, why they changed it, and work with them to ensure it doesn't happen again, especially in HA environments.

What errors, if any, has MQ displayed since the change?
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys.
Back to top
View user's profile Send private message
narayanarvr
PostPosted: Wed Aug 10, 2022 7:37 am    Post subject: Reply with quote

Voyager

Joined: 09 Oct 2012
Posts: 84

Thank you for your answer.

I am investigating who changed it why did they do.

I managed to restore ownership by looking at other same environment and it worked and able to start the queue managers without issue, but is it good to change the ownership manually?
Back to top
View user's profile Send private message
exerk
PostPosted: Wed Aug 10, 2022 7:45 am    Post subject: Reply with quote

Jedi Council

Joined: 02 Nov 2006
Posts: 6339

narayanarvr wrote:
...I managed to restore ownership by looking at other same environment and it worked and able to start the queue managers without issue, but is it good to change the ownership manually?

My apologies, but I don't quite understand the above.

Did you have to do anything specific to "...restore ownership..." ?

What exactly do you mean by "...change the ownership manually...", i.e., was ownership on MQ-specific directories/files changed, e.g. from mqm:mqm to some:other ?
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys.
Back to top
View user's profile Send private message
narayanarvr
PostPosted: Wed Aug 10, 2022 7:54 am    Post subject: Reply with quote

Voyager

Joined: 09 Oct 2012
Posts: 84

Hi Exerk,

Sorry if I conveyed wrong.

Yes, you are correct I changed ownership exactly as you mentioned below

ownership on MQ-specific directories/files changed, e.g. from mqm:mqm to some:other

I applied chown -R mqm:mqm /opt/mqm etc.., it worked, but I have a doubt that will it backfire somewhere ?

Please advise.
Back to top
View user's profile Send private message
exerk
PostPosted: Wed Aug 10, 2022 8:28 am    Post subject: Reply with quote

Jedi Council

Joined: 02 Nov 2006
Posts: 6339

I think you need to have a discussion with the colleague that changed it all - preferably in a dark alley, and you with a cricket bat in your hand to beat it into them that what they did was not-a-good-idea ...

...joking aside, you're lucky that you could recover it so quickly, but unfortunately you have no easy way of knowing whether something further down the timeline will rise up and bite you.

The crtmqdir command may be of help to you, and if your security department have questions then THIS should help allay any fears they may have.

The above links are from the MQ V9.3 Knowledge Centre, so please check validity against your MQ version(s).
_________________
It's puzzling, I don't think I've ever seen anything quite like this before...and it's hard to soar like an eagle when you're surrounded by turkeys.
Back to top
View user's profile Send private message
gbaddeley
PostPosted: Wed Aug 10, 2022 2:52 pm    Post subject: Re: Is it mandatory to create uid gid groups with same ID Reply with quote

Jedi

Joined: 25 Mar 2003
Posts: 2492
Location: Melbourne, Australia

narayanarvr wrote:
Hi Team,
Good day!
I have small doubt like is it mandatory to create uid gid groups with same numeric ID before installing MQ on Linux.
# id mqm
uid=501(mqm) gid=501(mqm) groups=501(mqm)
The reason I am asking is, I created with same numeric IDs but someone changed it, do I need to change IDs or do I need to create same ids and need to reinstall?
Please advise.

The mqm group and mqm userid can have any valid numeric ID. They don't need to be the same ID. If you don't create them before installing MQ, the MQ installation will do it for you. Once created, the numeric IDs must not be changed, as the whole UNIX identity and permissions system is built around these IDs. Messing with them will cause issues for MQ. If you try to remediate using chown -R, you can never be quite sure that you fixed everything correctly.
_________________
Glenn
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Page 1 of 1

MQSeries.net Forum Index » IBM MQ Installation/Configuration Support » Is it mandatory to create uid gid groups with same ID
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
 
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.