Filesystem stanza of the qm.ini file

By default, only members of the mqm group can write directly to error log files and First Failure Data Capture files. We can use the Filesystem stanza to allow users who are not members of the mqm group to access error directories and files.

To allow users who are not members of the mqm group or, on IBM i, are not members of the QMQMADM group, to access error directories and files, we must set:

    ValidateAuth=No

Notes:

  • Setting ValidateAuth=No in the qm.ini file sets permissions on the queue manager error logs such that those permissions remain unchanged when writing to the error logs.
  • The text is case sensitive.

On IBM i, we must also set the authority for the additional users to *PUBLIC.

Note: IBM MQ does not support the addition of users to error logs. We can use this setting to extend access by changing the group ownership of the directory and using setgid permissions. For example, to widen access to include members of a group called mqerrors, use the following:

        chgrp mqerrors /var/mqm/errors
        chgrp mqerrors /var/mqm/qmgrs/QMname/errors
        chmod 6770 /var/mqm/qmgrs/QMname/errors 

This causes all files within these directories to be created with mqerrors group ownership rather than mqm ownership, which extends access to the members of the mqerrors group.

This approach does not provide o+r permissions on the actual files. Alternatively, a cron job (running under mqm) could periodically change the permissions of the files within these directories to provide o+r permissions.
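
One way to verify the result of the chgrp and chmod steps above, as an added example that is not part of the IBM documentation: the function name audit_errors_dir is hypothetical. It checks the directory's group, its setgid bit, and that nothing is granted to other, then flags files still in their old group or left world-writable.

```shell
#!/bin/sh
# Added example (not IBM-supplied): audit an errors directory after the
# chgrp/chmod steps. Prints findings; returns 0 only when nothing is flagged.
audit_errors_dir() {
    dir=$1; grp=$2; rc=0
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory"; return 2; }

    # The directory itself must belong to the widened-access group.
    if [ -z "$(find "$dir" -prune -group "$grp" 2>/dev/null)" ]; then
        echo "FAIL $dir: group is not $grp"; rc=1
    fi

    # setgid on the directory is what makes new files inherit its group.
    [ -g "$dir" ] || { echo "FAIL $dir: setgid bit not set"; rc=1; }

    # Mode 6770 leaves no permission bits for "other" on the directory.
    if [ -n "$(find "$dir" -prune \( -perm -004 -o -perm -002 -o -perm -001 \))" ]; then
        echo "FAIL $dir: directory grants access to other"; rc=1
    fi

    # chgrp without -R leaves files created earlier in their old group,
    # so the new group cannot read them until they are changed or rotated.
    stale=$(find "$dir" -type f ! -group "$grp" 2>/dev/null) || true
    if [ -n "$stale" ]; then
        echo "WARN files not in group $grp:"; echo "$stale"; rc=1
    fi

    # World-writable log or FDC files can be altered by any local user.
    loose=$(find "$dir" -type f -perm -002 2>/dev/null) || true
    if [ -n "$loose" ]; then
        echo "FAIL world-writable files:"; echo "$loose"; rc=1
    fi
    return "$rc"
}

# Run against a directory when called as: script DIR GROUP
if [ "$#" -eq 2 ]; then audit_errors_dir "$1" "$2"; fi
```

Run it once per directory, for example against /var/mqm/qmgrs/QMname/errors with group mqerrors, after the queue manager has written at least one new log entry.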
