IBM Support

IT28747: MQSICREATEWORKPATH DOES NOT SET THE SETGID BIT OF THE REGISTRY DIRECTORIES

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • The mqsicreateworkpath command initialises the work path (e.g.
/var/mqsi) with a handful of directories, sets their group to
be mqbrkrs, and sets appropriate security permissions. The
command also attempts to set the setgid bit on the directories
to ensure that any subdirectories also use the mqbrkrs group
regardless of which user creates them, and that this property
is applied recursively. The mqsicreateworkpath command
inadvertantly removes this flag when it sets the group to
mqbrkrs which can result in the directories for integration
server configuration being created with a group that is not the
mqbrkrs group. This may lead to issues when running commands as
different users such as mqsibackupbroker.

Additional Symptom(s) Search Keyword(s):

Local fix

  • Run the following commands from the work path to recursively
change the group of directories to mqbrkrs and set the setgid
stick bit:

find . -type d -exec chgrp mqbrkrs {} \;
find . -type d -exec chmod g+s {} \;

This will need to be run as root, or as a user who has
permissions to change the groups on all the affected folders.

Problem summary

  • ****************************************************************
USERS AFFECTED:
All users of IBM Integration Bus and IBM App Connect Enterprise
on UNIX platforms.	


Platforms affected:
z/OS, Solaris SPARC platform, Solaris x86-64 platform, Linux on
zSeries platform, Linux on x86-64 platform, Linux on Power
platform, HP-UX Itanium platform, AIX

****************************************************************
PROBLEM DESCRIPTION:
When first installing and activating the product using the iib
or ace script, a tool called mqsicreateworkpath is run to create
the registry /var/mqsi. This script is supposed to set the group
"sticky" permissions bit on this directory to ensure that all
files and folders created in the work path is owned by the
mqbrkrs group. The mqsicreateworkpath script did not set the
sticky bit correctly which could cause permission issues when
running commands such as mqsibackupbroker.	

Problem conclusion

  • The mqsicreateworkpath tool correctly sets the group "sticky"
bit on the /var/mqsi directories during installation and
activation.

---------------------------------------------------------------
The fix is targeted for delivery in the following PTFs:

Version    Maintenance Level
v10.0      10.0.0.18
v11.0      11.0.0.6

The latest available maintenance can be obtained from:
http://www-01.ibm.com/support/docview.wss?rs=849&uid=swg27006041

If the maintenance level is not yet available,information on
its planned availability can be found on:
http://www-1.ibm.com/support/docview.wss?rs=849&uid=swg27006308
---------------------------------------------------------------

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IT28747
    • 

  • Reported component name
    INTEGRATION BUS
    • 

  • Reported component ID
    5724J0540
    • 

  • Reported release
    A00
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2019-04-10
    • 

  • Closed date
    2019-09-30
    • 

  • Last modified date
    2019-09-30
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    INTEGRATION BUS
    • 

  • Fixed component ID
    5724J0540
    • 



Applicable component levels


    








      
              
                            

              

              [{"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Product":{"code":"SSNQK6","label":"IBM Integration Bus"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"10.0","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            30 September 2019
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback