Reading and writing data and log files authorized by the local mqm group

The task illustrates how to create a queue manager with its data and logs files stored in any directory of our choosing. Access to the files is secured by the local mqm group. The directory is not shared.


Before starting

  1. Install IBM MQ for Windows as the primary installation.
  2. Run the Prepare IBM MQ Wizard.

    For further information, see Configure IBM MQ with the Prepare IBM MQ Wizard.

    For this task, configure the installation either to run with a local user ID, or a domain user ID. Eventually, to complete all the tasks in Windows domains and multi-instance queue managers, the installation must be configured for a domain.

  3. Log on with Administrator authority to perform the first part of the task.


About this task

This task is one of a set of related tasks that illustrate accessing queue manager data and log files. The tasks show how to create a queue manager authorized to read and write data and log files that are stored in a directory of our choosing. They accompany the task, Windows domains and multi-instance queue managers.

On Windows, we can create the default data and log paths for an IBM MQ for Windows in any directories of your choosing. The installation and configuration wizard automatically gives the local mqm group, and the user ID that is running the queue manager processes, access to the directories. If you create a queue manager specifying different directories for queue manager data and log files, we must configure full control permission to the directories.

In this example, you give the queue manager full control over its data and log files by giving the local mqm group permission to the directory c:\wmq.

The crtmqm command creates a queue manager that starts automatically when the workstation starts using the IBM MQ service.

The task is illustrative; it uses specific values that we can change. The values we can change are in italics. At the end of the task, follow the instructions to remove all the changes you made.


Procedure

  1. Open a command prompt.
  2. Type the command:
    md c:\wmq\data, c:\wmq\logs
    
  3. Set the permissions on the directories to allow the local mqm group read and write access.
    cacls c:\wmq/T /E /G mqm:F
    

    The system response:


    processed dir: c:\wmq
    processed dir: c:\wmq\data
    processed dir: c:\wmq\logs

  4. Optional: Switch to a user ID that is a member of the local mqm group.

    • We can continue as Administrator, but for a realistic production configuration, continue with a user ID with more restricted rights. The user ID must at least be a member of the local mqm group.
    • If the IBM MQ installation is configured as part of a domain, make the user ID a member of the Domain mqm group. The Prepare IBM MQ wizard makes the Domain mqm global group a member of the local mqm group, so we do not have to make the user ID directly a member of the local mqm group.

  5. Create the queue manager.
    crtmqm -sax -u SYSTEM.DEAD.LETTER.QUEUE -md c:\wmq\data -ld c:\wmq\logs QMGR
    

    The system response:


    IBM MQ queue manager created.
    Directory 'c:\wmq\data\QMGR' created.
    The queue manager is associated with installation '1'
    Creating or replacing default objects for queue manager 'QMGR'
    Default objects statistics : 74 created. 0 replaced.
    Completing setup.
    Setup completed.

  6. Check that the directories created by the queue manager are in the c:\wmq directory.
    dir c:\wmq/D /B /S
    
  7. Check that the files have read and write, or full control permission for the local mqm group.
    cacls c:\wmq\*.*
    


What to do next

Test the queue manager by putting and getting a message to a queue.

  1. Start the queue manager.
    strmqm QMGR
    
    The system response:
    IBM MQ queue manager 'QMGR' starting.
    The queue manager is associated with installation '1'.
    5 log records accessed on queue manager 'QMGR' during the log
    replay phase.
    Log replay for queue manager 'QMGR' complete.
    Transaction manager state recovered for queue manager 'QMGR'.
    IBM MQ queue manager 'QMGR' started using V7.1.0.0.

  2. Create a test queue.
    echo define qlocal(QTEST) | runmqsc QMGR
    
    The system response:
    5724-H72 (C) Copyright IBM Corp. 1994, 2020.  ALL RIGHTS RESERVED.
    Starting MQSC for queue manager QMGR.


    1 : define qlocal(QTEST)
    AMQ8006: IBM MQ queue created.
    One MQSC command read.
    No commands have a syntax error.
    All valid MQSC commands were processed.

  3. Put a test message using the sample program amqsput.
    echo 'A test message' | amqsput QTEST QMGR
    
    The system response:
    Sample AMQSPUT0 start
    target queue is QTEST
    Sample AMQSPUT0 end

  4. Get the test message using the sample program amqsget.
    amqsget QTEST QMGR
    
    The system response:

    Sample AMQSGET0 start
    message A test message
    Wait 15 seconds ...
    no more messages
    Sample AMQSGET0 end

  5. Stop the queue manager.
    endmqm -i QMGR
    
    The system response:
    IBM MQ queue manager 'QMGR' ending.
    IBM MQ queue manager 'QMGR' ended.

  6. Delete the queue manager.
    dltmqm QMGR
    
    The system response:
    IBM MQ queue manager 'QMGR' deleted.
  7. Delete the directories you created. Tip: Add the /Q option to the commands to prevent the command prompting to delete each file or directory.
    del /F /S C:\wmq\*.*
    rmdir /S C:\wmq
    

Parent topic: Secure unshared queue manager data and log directories and files on Windows


Related concepts


Related tasks