ASG
IBM
Zystems
Cressida
Icon
Netflexity
 
  MQSeries.net
Search  Search       Tech Exchange      Education      Certifications      Library      Info Center      SupportPacs      LinkedIn  Search  Search                                                                   FAQ  FAQ   Usergroups  Usergroups
 
Register  ::  Log in Log in to check your private messages
 
RSS Feed - WebSphere MQ Support RSS Feed - Message Broker Support

MQSeries.net Forum Index » General IBM MQ Support » Group memberships of user mqm

Post new topic  Reply to topic Goto page Previous  1, 2
 Group memberships of user mqm « View previous topic :: View next topic » 
Author Message
mqdogsbody
PostPosted: Fri Jun 15, 2012 7:00 am    Post subject: Reply with quote

Acolyte

Joined: 01 Jun 2010
Posts: 71
bruce2359 wrote:
IMHO IBMs choice to create mqm, and require mqm membership, rather than root membership, was to separate WMQ admin from o/s admin. I believe strongly that they chose well.

Seems entirely sensible to me. The alternative is scary!

bruce2359 wrote:
If I had a farthing (whatever that is)

Where are you from? This might count as a "not one-off Britishism" (or "NOOB").

bruce2359 wrote:
every time I shot myself in the foot with my root id...

I never have (yet) but when I was a mail admin I wished Unix (BSD in that case) had a way of enabling or disabling certain group memberships. (This was in the days when you had one physical terminal rather than multiple windows, with the dangerous ones in suitably garish colours.) Unless I was doing mail admin I really didn't want to have my mail admin group access.
_________________
-- mqDB --
Back to top
View user's profile Send private message
mqdogsbody
PostPosted: Fri Jun 15, 2012 7:05 am    Post subject: Re: Group memberships of user mqm Reply with quote

Acolyte

Joined: 01 Jun 2010
Posts: 71
Vitor wrote:
I've always believed they're leveraging the Unix security methods under the covers to build and check ACLs with dummy file names. Given that mqm must own everything & others own nothing actual control comes from groups.

That sounds very plausible. And I guess leveraging the Unix security means you're protected against loopholes opened by certain classes of bug in your code -- even if your securty model is a somewhat bizarre as a result.

Curiosity satisfied! Thank you.
_________________
-- mqDB --
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic  Reply to topic Goto page Previous  1, 2 Page 2 of 2

MQSeries.net Forum Index » General IBM MQ Support » Group memberships of user mqm
Jump to:  



You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Protected by Anti-Spam ACP
  
 


Theme by Dustin Baccetti
Powered by phpBB © 2001, 2002 phpBB Group

Copyright © MQSeries.net. All rights reserved.