Filesystem

By default, only members of the mqm group can write directly to error log files and First Failure Data Capture files. We can use the Filesystem stanza to allow users who are not members of the mqm group to access error directories and files.

To allow users who are not members of the mqm group or, on IBM® i, are not members of the QMQMADM group, to access error directories and files, you must set:

ValidateAuth=: No

Note that the text is case sensitive.

On IBM i, you must also set the authority for the additional users to *PUBLIC.Note: IBM MQ does not support the addition of users to error logs. We can use this to extend access, by changing the group ownership of the directory and using setgid permissions. For example, to widen access to include members of a group called mqerrors, use the following:

        chgrp mqerrors /var/mqm/errors
        chgrp mqerrors /var/mqm/qmgrs/QMname/errors
        chmod 6770 /var/mqm/qmgrs/QMname/errors

This causes all files within these directories to be created with mqerrors ownership, rather than mqm ownership. Hence, extending access to the members of the mqerrors group.

This approach does not provide o+r permissions on the actual files. Alternatively, a cron job (running under mqm) could periodically change the permissions of the files within these directories, to provide o+r permissions