| Author |
Message
|
| RaviKrG |
 Posted: Sat Jan 17, 2009 5:11 am Post subject: |
 |
|
Master
Joined: 07 Sep 2008
Posts: 240
|
Also I found the third permission option as below
-r-xr-x--- 1 mqm mqm 37952 Mar 7 2007 amqoamd
Now I have three set of permissions to be set for different commands.
which commands need to have which permission as this will be difficukt ot answer I suppose |
|
| Back to top |
|
 |
| fjb_saper |
| Posted: Sat Jan 17, 2009 6:17 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20763
Location: LI,NY
|
| RaviKrG wrote: |
Thanks fjb this is done but still there are commands which has different permissions as
-r-xr-xr-x 1 mqm mqm 43784 Mar 7 2007 dspmqtrc
and
-r-sr-s--- 1 mqm mqm 18704 Mar 7 2007 runmqsc
now is there a way to distinguish between the command which should have the 1st permission and which should have the second permission.
Also I am still thinking on the issue that what made the person to change the permission here (What could have been the reason that he has played with the permission of these commands.)
Thanks |
Somebody security minded who saw the sticky bit as a security problem and went on a crusade to get rid of it, not caring  if the application had specific needs... 
dspmqtrc looks fine . Have the same permissions as what you're displaying.
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Sat Jan 17, 2009 6:20 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20763
Location: LI,NY
|
| RaviKrG wrote: |
Also I found the third permission option as below
-r-xr-x--- 1 mqm mqm 37952 Mar 7 2007 amqoamd
Now I have three set of permissions to be set for different commands.
which commands need to have which permission as this will be difficukt ot answer I suppose |
Same permissions for me for that one.
The easiest way to settle all this is to do a fresh install on another box. Then take note of all the permissions and set them to what they need to be on your current box...
Can't go piece by piece mincing meat here...
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| RaviKrG |
| Posted: Sat Jan 17, 2009 6:31 am Post subject: |
|
|
Master
Joined: 07 Sep 2008
Posts: 240
|
Thanks fjb, Finally after breaking my head I have the following after seeing these on another solaris machine
-r-sr-sr-x 1 mqm mqm 557 Nov 18 2004 amqwCleanSideQueue.sh
-r-sr-sr-x 1 mqm mqm 606 Nov 18 2004 amqwstartwin.sh
-r-sr-sr-x 1 mqm mqm 8380 Dec 16 2004 restrictedmode_migrateQM
-r-sr-sr-x 1 mqm mqm 692 Jan 27 2005 amqwdeployWMQService.sh
-r-sr-sr-x 1 mqm mqm 874 Jan 27 2005 amqwclientConfig.sh
-r-sr-sr-x 1 mqm mqm 576 Jan 28 2005 amqwclientTransport.wsdd
-r-xr-x--- 1 mqm mqm 688 Mar 3 2005 dltmqlnk
-r-xr-x--- 1 mqm mqm 778 Mar 3 2005 crtmqlnk
-r-sr-sr-x 1 mqm mqm 3997 Mar 25 2005 amqwsetcp.sh
-r-sr-s--- 1 mqm mqm 21392 May 20 2005 amqharmx
-r-sr-s--- 1 mqm mqm 21392 May 20 2005 amqhasmx
-r-sr-s--- 1 mqm mqm 13856 May 20 2005 dmpmqlog
-r-sr-s--- 1 mqm mqm 426296 May 20 2005 amqzlaa0_nd
-r-sr-s--- 1 mqm mqm 412368 May 20 2005 amqzlsa0_nd
-r-sr-s--- 1 mqm mqm 20976 May 20 2005 amqzllp0
-r-sr-s--- 1 mqm mqm 22088 May 20 2005 amqldmpa
-r-sr-sr-x 1 mqm mqm 588584 May 20 2005 dspmqrte
-r-sr-s--- 1 mqm mqm 32752 May 20 2005 dspmqfls
-r-sr-s--- 1 mqm mqm 19296 May 20 2005 dspmqcsv
-r-sr-s--- 1 mqm mqm 16600 May 20 2005 strmqcsv
-r-sr-s--- 1 mqm mqm 27744 May 20 2005 endmqcsv
-r-sr-s--- 1 mqm mqm 65760 May 20 2005 amqpcsea
-r-sr-s--- 1 mqm mqm 56400 May 20 2005 rcrmqobj
-r-sr-s--- 1 mqm mqm 41056 May 20 2005 rcdmqimg
-r-sr-s--- 1 mqm mqm 198896 May 20 2005 runmqdlq
-r-sr-sr-x 1 mqm mqm 23344 May 20 2005 dspmqver
-r-xr-x--- 1 mqm mqm 10768 May 20 2005 mqver
-r-sr-s--- 1 mqm mqm 301456 May 20 2005 amqzxma0_nd
-r-sr-s--- 1 mqm mqm 292800 May 20 2005 crtmqm
-r-sr-s--- 1 mqm mqm 69992 May 20 2005 dltmqm_nd
-r-sr-x--- 1 mqm mqm 50096 May 20 2005 endmqm
-r-sr-x--- 1 mqm mqm 258328 May 20 2005 strmqm
-r-sr-s--- 1 mqm mqm 50152 May 20 2005 setmqprd
-r-sr-s--- 1 mqm mqm 27896 May 20 2005 amqzslf0
-r-sr-s--- 1 mqm mqm 35856 May 20 2005 dspmqaut
-r-sr-s--- 1 mqm mqm 36512 May 20 2005 setmqaut
-r-sr-s--- 1 mqm mqm 39152 May 20 2005 dmpmqaut
-r-sr-s--- 1 mqm mqm 30928 May 20 2005 rsvmqtrn
-r-sr-s--- 1 mqm mqm 36936 May 20 2005 dspmqtrn
-r-sr-sr-x 1 mqm mqm 175840 May 20 2005 dspmq
-r-sr-s--- 1 mqm mqm 114440 May 20 2005 amqzmgr0
-r-sr-s--- 1 mqm mqm 54216 May 20 2005 amqzmur0
-r-sr-s--- 1 mqm mqm 72704 May 20 2005 amqzmuc0
-r-sr-s--- 1 mqm mqm 32344 May 20 2005 runmqtrm
-r-sr-s--- 1 mqm mqm 32328 May 20 2005 runmqtmc
-rwsr-s--- 1 mqm mqm 20876 May 20 2005 amqltmc0
-r-sr-s--- 1 mqm mqm 215656 May 20 2005 amqzdmaa
-r-sr-s--- 1 mqm mqm 127064 May 20 2005 strmqtrc
-r-sr-s--- 1 mqm mqm 124832 May 20 2005 endmqtrc
-r-sr-s--- 1 mqm mqm 20496 May 20 2005 amqcrsta_nd
-r-sr-sr-x 1 mqm mqm 18760 May 20 2005 amqcrs6a_nd
-r-sr-s--- 1 mqm mqm 19080 May 20 2005 runmqchl_nd
-r-sr-s--- 1 mqm mqm 13696 May 20 2005 amqrmppa
-r-sr-s--- 1 mqm mqm 47392 May 20 2005 runmqchi
-r-sr-s--- 1 mqm mqm 70432 May 20 2005 runmqlsr_nd
-r-sr-s--- 1 mqm mqm 22968 May 20 2005 endmqlsr
-r-sr-s--- 1 mqm mqm 488752 May 20 2005 amqrrmfa
-r-sr-s--- 1 mqm mqm 18768 May 20 2005 amqrfdm
-r-sr-s--- 1 mqm mqm 31896 May 20 2005 amqrdbgm
-r-sr-s--- 1 mqm mqm 91968 May 20 2005 amqrcmla
-r-sr-s--- 1 mqm mqm 18720 May 20 2005 runmqsc
-r-sr-sr-x 1 mqm mqm 43872 May 20 2005 dspmqtrc
-r-sr-sr-x 1 mqm mqm 78000 May 20 2005 crtmqcvx
-r-sr-sr-x 1 mqm mqm 23832 May 20 2005 amqxmsg0-r-sr-s--- 1 mqm mqm 30480 May 20 2005 amqzlwa0
-r-sr-sr-x 1 mqm mqm 35520 May 20 2005 amqiclen
-r-xr-x--- 1 mqm mqm 30824 May 20 2005 amqicdir
-r-sr-s--- 1 mqm mqm 13328 May 20 2005 runmqbrk
-r-sr-s--- 1 mqm mqm 13328 May 20 2005 amqfcxba
-r-sr-s--- 1 mqm mqm 13320 May 20 2005 strmqbrk
-r-sr-s--- 1 mqm mqm 13320 May 20 2005 endmqbrk
-r-sr-s--- 1 mqm mqm 13328 May 20 2005 dspmqbrk
-r-sr-s--- 1 mqm mqm 13320 May 20 2005 dltmqbrk
-r-sr-s--- 1 mqm mqm 13320 May 20 2005 clrmqbrk
-r-sr-s--- 1 mqm mqm 13328 May 20 2005 migmqbrk
-r-xr-x--- 1 mqm mqm 37304 May 20 2005 ffstsummary
-r-xr-x--- 1 mqm mqm 174048 May 20 2005 mqrc
-r-sr-s--- 1 mqm mqm 95368 May 20 2005 amqzfuma
-r-xr-x--- 1 mqm mqm 37480 May 20 2005 amqoamd
-r-sr-sr-x 1 mqm mqm 17704 May 20 2005 amqsstop
I am not sure whether the permissions are proper here but still I am finding to change some permission like
-r-xr-xr-x 1 mqm mqm 17656 Mar 7 2007 amqsstop
But now I was facing some problem with another id wbim which is a member of mqm group as with user id wbim only "dspmq" was working but after i have made some chnages now its working but not sure for how much time this will long
Well thanks for your valuable help fjb on this weekend |
|
| Back to top |
|
|
| Philip Morten |
| Posted: Wed Jan 21, 2009 4:26 am Post subject: |
|
|
Master
Joined: 07 Mar 2002
Posts: 230
Location: Hursley Park
|
For reference the correct file modes ( for all pkgadd installed files ) can be found in the file /var/sadm/install/contents
_________________
Philip Morten
The postings on this site are my own and do not necessarily represent IBM's positions, strategies or opinions. |
|
| Back to top |
|
|
| RaviKrG |
| Posted: Wed Jan 21, 2009 4:35 am Post subject: |
|
|
Master
Joined: 07 Sep 2008
Posts: 240
|
Thanks Philip,
But since two weeks I am facing some horrible problem. somehow the group was changed for as in previous post an somebody has then changed the permissions, finally the group problem was resolved .'
BUT now again I had a problem with broker. After the MQ , MB was insalled but later i got the broker commands were having two groups as bin and mqbrkrs. I think the group for the broker commands should be " bin "
I am thinking to reinstall the MQ and MB both again, But still I am clueless why the groups are being changed and how this is being changed ? |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Wed Jan 21, 2009 2:37 pm Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20763
Location: LI,NY
|
| RaviKrG wrote: |
I am thinking to reinstall the MQ and MB both again, But still I am clueless why the groups are being changed and how this is being changed ? |
If you don't do the installs yourself and nobody else with root authority touches this I would be inclined to call an overly sensitive security group to come front and center and explain why they think the security is wrong on the installation... and why they had to change it.
Are they running batch jobs and stuff changing the security of newly installed apps automatically?
Have fun
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| RaviKrG |
| Posted: Thu Jan 22, 2009 10:05 pm Post subject: |
|
|
Master
Joined: 07 Sep 2008
Posts: 240
|
Phil,
After checking the file I got something like this
/usr/share/man/man1/disq.1 f man 0444 bin bin 17244 34210 1109363516 mqm
/usr/share/man/man1/disqmgr.1 f man 0444 bin bin 16010 3169 1109363516 mqm
/usr/share/man/man1/dltmqm.1 f man 0444 bin bin 1683 3271 1109363515 mqm
/usr/share/man/man1/dmpmqlog.1 f man 0444 bin bin 3392 30673 1109363517 mqm
/usr/share/man/man1/dspmqaut.1 f man 0444 bin bin 6275 31747 1109363515 mqm
Not able to get what this really mean ? |
|
| Back to top |
|
|
| fjb_saper |
| Posted: Fri Jan 23, 2009 4:20 am Post subject: |
|
|
Grand High Poobah
Joined: 18 Nov 2003
Posts: 20763
Location: LI,NY
|
| RaviKrG wrote: |
Phil,
After checking the file I got something like this
/usr/share/man/man1/disq.1 f man 0444 bin bin 17244 34210 1109363516 mqm
/usr/share/man/man1/disqmgr.1 f man 0444 bin bin 16010 3169 1109363516 mqm
/usr/share/man/man1/dltmqm.1 f man 0444 bin bin 1683 3271 1109363515 mqm
/usr/share/man/man1/dmpmqlog.1 f man 0444 bin bin 3392 30673 1109363517 mqm
/usr/share/man/man1/dspmqaut.1 f man 0444 bin bin 6275 31747 1109363515 mqm
Not able to get what this really mean ? |
Is this installed on some remote server and just nfs mounted onto yours and now the mqm userId # / groupId # do not match ?
_________________
MQ & Broker admin |
|
| Back to top |
|
|
| Philip Morten |
| Posted: Mon Feb 02, 2009 6:41 am Post subject: |
|
|
Master
Joined: 07 Mar 2002
Posts: 230
Location: Hursley Park
|
| RaviKrG wrote: |
Phil,
After checking the file I got something like this
/usr/share/man/man1/disq.1 f man 0444 bin bin 17244 34210 1109363516 mqm
Not able to get what this really mean ? |
See man contents for the full details but the fields for an entry of type file are :
path type CLASS mode owner group size checksum modification_time packagename
You can use pkgchk to verify the installation against the contents file.
_________________
Philip Morten
The postings on this site are my own and do not necessarily represent IBM's positions, strategies or opinions. |
|
| Back to top |
|
|
|
|
