WebSphere Message Brokers
File: ap08682_
Writer: Stephanie J Strugnell

Reference topic

This build: July 31, 2007 21:34:53

Security requirements for Linux and UNIX platforms

This table is a summary of the authorizations in a Linux or UNIX environment.

User is... Linux or UNIX domain
Creating a component
  • Member of mqbrkrs and mqm.
  • In most situations, the component runs under the login ID used to issue the create command. When root is used to issue the create command, it can nominate any user to run the component.
Installing
  • Superuser.
Uninstalling
  • Superuser.
Changing a component
  • Member of mqbrkrs.
Deleting a component
  • Member of mqbrkrs and mqm.
Starting a component
  • Member of mqbrkrs.
  • Member of mqm.
  • Service user ID.
Stopping a component
  • Member of mqbrkrs.
  • Member of mqm if -q is specified.
  • Service user ID.
Listing a component
  • Member of mqbrkrs.
Changing, displaying, retrieving trace information.
  • Member of mqbrkrs.
Running User Name Server (login ID).
  • Member of mqbrkrs. The User Name Server runs under the login ID specified in the create command.
Running broker (WebSphere MQ non-trusted application) (login ID).
  • Member of mqbrkrs. The broker runs under the login ID specified in the create command.
Running broker (WebSphere MQ trusted application) (login ID).
  • Login ID must be mqm.
  • mqm must be a member of mqbrkrs.
Clearing, joining, listing WebSphere MQ publish/subscribe brokers.
  • Member of mqbrkrs.
Running publish/subscribe applications.
  • Any user, subject to topic and WebSphere MQ queue access control.
Note: When the service user ID is root, all libraries loaded by the broker, including all user-written plug-in libraries and all shared libraries that they might access, also have root access to all system resources (for example, file sets). Review and assess the risk involved in granting this level of authorization.
Related concepts
Authorization to access runtime resources
Related tasks
Setting up broker domain security
Enabling topic-based security
Related reference
mqsicreateaclentry command
mqsideleteaclentry command
mqsilistaclentry command
Notices | Trademarks | Downloads | Library | Support | Feedback

Copyright IBM Corporation 1999, 2007Copyright IBM Corporation 1999, 2007. All Rights Reserved.
This build: July 31, 2007 21:34:53

ap08682_ This topic's URL is: