Accessing and securing your key database files on UNIX and Linux systems

The key database files might not have appropriate access permissions. We must set appropriate access to these files.

For a queue manager, set permissions on the key database files so that queue manager and channel processes can read them when necessary, but other users cannot read or modify them. Normally, the mqm user needs read permissions. If we have created the key database file by logging in as the mqm user, then the permissions are probably sufficient; if you were not the mqm user, but another user in the mqm group, you probably need to grant read permissions to other users in the mqm group.

Similarly for a client, set permissions on the key database files so that client application processes can read them when necessary, but other users cannot read or modify them. Normally, the user under which the client process runs needs read permissions. If we have created the key database file by logging in as that user, then the permissions are probably sufficient; if you were not the client process user, but another user in that group, you probably need to grant read permissions to other users in the group.

Set the permissions on the files key.kdb, key.sth, key.crl, and key.rdb, where key is the stem name of our key database, to read and write for the file owner, and to read for the mqm or client user group (-rw-r-----).

Parent topic: Set up a key repository on UNIX, Linux, and Windows