WebSphere Message Broker, Version 8.0.0.7 Operating Systems: AIX, HP-Itanium, Linux, Solaris, Windows, z/OS


Security on Linux and UNIX systems

Set up the required security on Linux and UNIX systems before you install WebSphere® Message Broker.

Use the security facilities that are provided by your operating system to complete these tasks; for example, the Systems Management Interface Tool (SMIT) on AIX®, or the System Administration Manager on HP-Itanium.

Complete the following actions:

  1. Log in to the system.

    On AIX, you must log in as root. On Linux and on other UNIX computers, your user ID must have root authority. You need this level of authority to set up the security requirements for installing the Broker component. The product can then be installed by a user who does not have root privileges.

    If you are using a Linux on x86 or a Linux on x86-64 system and are not planning to install the Broker component, continue with step 4. Otherwise, follow your local security guidelines to acquire root authority; either log in as root, or log in as another user and become root.

    The use of a user ID other than root itself has some advantages; it provides an audit trail of the user ID that installs the product and it limits the scope of root authority to tasks performed in a single session. The use of a user ID other than root might also be mandatory if you are logging in from a remote system.

  2. If you plan to run the installation as a user with root authority, then complete the following steps:
    1. Under root authority, the installation automatically creates a security group called mqbrkrs. You must add your root authority login ID to the group after it has been created.
    2. If you have already installed WebSphere MQ on this system, a group called mqm and a user called mqm are defined. If you have not yet installed WebSphere MQ, you must create this group and user.
    3. Add your root authority user login ID to the group mqm, along with the user ID mqm.
    4. On some systems, you must log off and log on again for these new group definitions (mqbrkrs and mqm) to be recognized.
  3. If you plan to run the installation as a user without root authority, a user with root authority must complete the following steps before installation. If you have other versions of WebSphere Message Broker already installed on the system, you must complete subtasks c, e, f, h, and i (substeps 3, 5, 6, 8, and 9 as numbered in the following list) only.
    1. Create a security group called mqbrkrs. For example:
      • For non-AIX systems
        sudo groupadd mqbrkrs
      • For AIX
        sudo mkgroup mqbrkrs
      Add your non-root installation user login ID to the group after it has been created.
    2. If WebSphere MQ has already been installed on this system, a group called mqm and a user called mqm are defined. If WebSphere MQ has not been installed, the group and user must be created.
    3. Add your non-root installation user login ID to the group mqm, along with the user ID mqm.
    4. If it does not exist, create the /var/mqsi directory. For example:
      sudo mkdir /var/mqsi
    5. Ensure that the correct ownership and access permissions are set for the /var/mqsi directory. For example:
      sudo chown mqm:mqbrkrs /var/mqsi
      sudo chmod 775 /var/mqsi
      If the directory already exists, perform the command recursively:
      sudo chown -R mqm:mqbrkrs /var/mqsi
      sudo chmod -R ug+rwX /var/mqsi
      Note: This command recursively changes the ownership of all files and directories. Review existing files with a system administrator to ensure this action does not create a security risk.
    6. If multiple users are going to create and use multiple brokers, set the group ID of the /var/mqsi directory so new files and directories inherit the same group ID. Otherwise a broker created by User1, with a primary group of User1, will be accessible to User2 (with a primary group of User2). For example:
      sudo chmod g+s /var/mqsi
      If the broker already exists, perform the command recursively:
      sudo find /var/mqsi -type d -exec chmod g+s {} \;
    7. If the /var/mqsi/install.properties file exists, ensure that your non-root installation user ID has write access to it. For example:
      sudo chmod 664 /var/mqsi/install.properties
    8. If they do not exist, create the directories /opt/ibm/mqsi and /opt/ibm/IE02 for Linux, or /opt/IBM/mqsi and /opt/ibm/IE02 for UNIX. For example:
      • For Linux
        sudo mkdir /opt/ibm/mqsi
        sudo mkdir /opt/ibm/IE02
      • For UNIX
        sudo mkdir /opt/IBM/mqsi
        sudo mkdir /opt/ibm/IE02
    9. Ensure that the correct ownership is assigned to the mqsi directory, along with access permissions to both the mqsi and IE02 directories. For example:
      • For Linux
        sudo chown mqm:mqbrkrs /opt/ibm/mqsi
        sudo chmod 775 /opt/ibm/mqsi
        sudo chmod 775 /opt/ibm/IE02
      • For UNIX
        sudo chown mqm:mqbrkrs /opt/IBM/mqsi
        sudo chmod 775 /opt/IBM/mqsi
        sudo chmod 775 /opt/ibm/IE02
    10. If there are any existing logs from a previous installation of WebSphere Message Broker or IE02, you must delete or rename them, because the installation program might not have the correct permission to replace them. The logs are in the /var/mqsi directory and have a file type of .log.
    11. If setting the IATEMPDIR variable, ensure that your non-root user ID has write permission to the directory you choose. For example:
      sudo chmod 775 /tmp/IATEMP
      Note: This action is only needed if you have insufficient space in the default file system for the installation.
  4. Verification procedures are provided for Linux on x86 and Linux on x86-64. To complete verification, you do not require root authority. If you install with root authority, but do not want to complete verification with root authority, log off when you have completed installation. Log in with the same or a different user ID, but do not become root.

    If you log in with another user ID, and have not already added this ID to the groups mqbrkrs and mqm, do so before you open the WebSphere Message Broker Toolkit.
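
The review that the note on the recursive chown asks for, and the set-group-ID condition behind the following substep, can be scripted as a read-only pass over /var/mqsi before the recursive commands are run. This is an added example, not part of the IBM documentation; the function name audit_mqsi_tree, the file name audit.sh, and the output labels are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: read-only audit to run before "chown -R" / "chmod -R ug+rwX".
# audit_mqsi_tree DIR OWNER GROUP  (names or numeric IDs; nothing is modified)
audit_mqsi_tree() {
    dir=$1; owner=$2; group=$3

    # Entries whose owner or group the recursive chown would change.
    find "$dir" ! -type l \( ! -user "$owner" -o ! -group "$group" \) -print |
        sed 's/^/FOREIGN-OWNER /'

    # Files or directories that any local user can write to.
    find "$dir" ! -type l -perm -0002 -print | sed 's/^/WORLD-WRITABLE /'

    # Regular files carrying set-user-ID or set-group-ID bits.
    find "$dir" -type f \( -perm -4000 -o -perm -2000 \) -print |
        sed 's/^/SETID-FILE /'

    # Directories without set-group-ID: new files created here take the
    # creator's primary group instead of the directory's group.
    find "$dir" -type d ! -perm -2000 -print | sed 's/^/NO-SETGID-DIR /'

    # Symbolic links, listed so their targets can be checked by hand.
    find "$dir" -type l -print | sed 's/^/SYMLINK /'
    return 0
}

# Run directly (hypothetical file name): sh audit.sh /var/mqsi mqm mqbrkrs
if [ "$#" -eq 3 ]; then
    audit_mqsi_tree "$1" "$2" "$3"
fi
```

An empty report for mqm and mqbrkrs means the recursive commands will not change ownership of anything unexpected and every existing directory already passes its group to new files.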


Copyright IBM Corporation 1999, 2016.

        
Last updated: 2016-05-23 14:48:12


Task topic | Version 8.0.0.7 | bh26031_