Set up security on UNIX, Linux, and Windows

Security considerations specific to UNIX, Linux, and Windows systems.

Who can administer IBM MQ

We can define the set of users who can issue commands to administer IBM MQ.

Who can use IBM MQ objects

We can define which users (usually applications) can use MQI calls and PCF commands to do the following:

• Who can connect to a queue manager.
• Who can access objects (queues, process definitions, namelists, channels, client connection channels, listeners, services, and authentication information objects), and what type of access they have to those objects.
• Who can access IBM MQ messages.
• Who can access the context information associated with a message.

Channel security

We need to ensure that channels used to send messages to remote systems can access the required resources.

We can use standard operating facilities to grant access to program libraries, MQI link libraries, and commands. However, the directory containing queues and other queue manager data is private to IBM MQ; do not use standard operating system commands to grant or revoke authorizations to MQI resources.

• How authorizations work on UNIX, Linux, and Windows
  The authorization specification tables in the topics in this section define precisely how the authorizations work and the restrictions that apply.
• Create and manage groups on AIX
  On AIX, providing we are not using NIS or NIS+, use SMITTY to work with groups.
• Create and manage groups on Linux
  On Linux, providing we are not using NIS or NIS+, use the /etc/group file to work with groups.
• Create and manage groups on Windows
  On Windows, we use the Computer Management feature to administer groups on a workstation or member server machine.
• Special considerations for security on Windows
  Some security functions behave differently on different versions of Windows.

Parent topic: Set up security