Limiting RUNMQSC authority for certain users

Technote (troubleshooting)


Problem(Abstract)

You want to provide limited access to RUNMQSC for non-mqm users. You want to make sure that they can only DISPLAY information about a queue manager and the queue manager's objects.

Cause

WebSphere MQ is configured so that only "mqm" users can use runmqsc. The runmqsc program is shipped with the following permission settings:

-r-sr-s---   1 mqm      mqm


Resolving the problem

  1. Create a non mqm user
  2. setmqaut -m <qmgrname> -t qmgr -p <username> +dsp +connect
  3. Create a copy of runmqsc with execute permission set to all. When the permissions are changed to -r-sr-sr-x this means any user can run runmqsc but when it runs, it runs as user mqm, group mqm due to the Set-user-ID-on-execution and Set-group-ID-on-execution permissions.
  4. cd /var/mqm/qmgrs/<queuemanager name>/@ipcc
  5. chmod +r AMQCLCHL.TAB
  6. chmod +r AMQRFCDA.DAT      

Historical Number

5X543

Product Alias/Synonym

WMQ / MQ

Rate this page:

(0 users)Average rating

Document information


More support for:

WebSphere MQ
Usability

Software version:

5.3, 6.0, 7.0, 7.1, 7.5

Operating system(s):

AIX, HP-UX, Solaris

Reference #:

1027203

Modified date:

2013-06-21

Translate my page

Machine Translation

Content navigation