[Linux]

Setting up the user and group on Linux

On Linux® systems, IBM® MQ requires a user ID of the name mqm, with a primary group of mqm. The mqm user ID owns the directories and files that contain the resources associated with the product.

Using Active Directory

If you are using Active Directory to provide centralized user and group definitions to your Linux system, it is not possible to have both an mqm user and mqm group definition in Active Directory because that service does not permit users and groups to have the same name.

You should:
  • Put an mqm group definition in the Active Directory before installing IBM MQ, so that other users in the directory can later be made part of the shared group definition.
  • Create the mqm user locally, or allow it to be created during the installation process.

Creating the user ID and group

Set the primary group of the mqm user to the group mqm.

If you are installing IBM MQ on multiple systems you might want to ensure each UID and GID of mqm has the same value on all systems. If you are planning to configure multi-instance queue managers, it is essential the UID and GID are the same from system to system. It is also important to have the same UID and GID values in virtualization scenarios.

RPM creates the mqm user ID and group mqm, with a home directory of /var/mqm, as part of the installation procedure if they do not exist.

If you have special requirements for these IDs ( for example they need to have the same values as other machines you are using, or your users and group ID are centrally managed) you should create the IDs before running the installation procedure, using the groupadd and useradd commands to set the UID and GID the same on each machine.
Note: The only IBM MQ requirement, is that the mqm user should have the mqm group as its primary group.

Adding existing user IDs to the group on Linux systems

If you want to run administration commands, for example crtmqm (create queue manager) or strmqm (start queue manager), your user ID must be a member of the mqm group. This user ID must not be longer than 12 characters.

Users do not need mqm group authority to run applications that use the queue manager; it is needed only for the administration commands.

Log files created by MQ Telemetry service

The umask setting of the user ID that creates a queue manager will determine the permissions of the Telemetry log files generated for that queue manager. Even though the ownership of the log files will be set to mqm.