MQ

 View Only
  • 1.  password for user "mqm"

    Posted Mon June 05, 2023 10:06 AM

    Hi all

    I'm trying to find in MQ docs a paragraph saying user "mqm" on a AIX box doesn't need to have a password. I only find it's optional. Where can I find that info, saying "mqm" user don't need password? . 

    Thanks!

    joao   



    ------------------------------
    JOAO MIGUEL RAMIRES
    ------------------------------


  • 2.  RE: password for user "mqm"

    IBM Champion
    Posted Tue June 06, 2023 02:46 PM

    In my opinion, that is a really bad idea.  Every UserId should have a strong password associated with it. Otherwise, you are leaving the door wide open for hackers.



    ------------------------------
    Roger Lacroix
    CTO
    Capitalware Inc.
    London ON Canada
    https://capitalware.com
    ------------------------------



  • 3.  RE: password for user "mqm"

    Posted Tue June 06, 2023 05:11 PM

    thanks Roger! that is a really good point!  

    Regards



    ------------------------------
    JOAO RAMIRES
    ------------------------------



  • 4.  RE: password for user "mqm"

    Posted Wed June 07, 2023 10:12 PM

    On UNIX systems, the mqm userid does not need to have a known or usable password. It is not required for systemd to start queue managers. If necessary, MQ admin staff userids should have sudo rules to allow switching to mqm without requiring a password, or sudo rules that allow particular commands to be run as mqm. This takes security out of the realm of "need to know the password and store it somewhere safe".



    ------------------------------
    Glenn Baddeley
    Senior Middleware Software Engineer
    Coles Supermarkets Australia Pty Ltd
    ------------------------------



  • 5.  RE: password for user "mqm"

    Posted Fri June 09, 2023 06:41 AM

    Thanks Glenn!

    Yes, the user "mqm" is only used for running queue managers, no one used it to logon, we (the admin staff team) have sudo to the user "mqm". This is the normal way I manage MQ servers (unix's). But I have a installation where a passwd was defined for user "mqm", and someone used it to logon. Now I can remove logon possibility, remove password for the "mqm", or define a complex password. I guess the second option is better as Roger suggested. 



    ------------------------------
    JOAO RAMIRES
    ------------------------------