Hi T.Rob,
I had one other idea about this issue. The getpwuid_r is searching the password database (i.e. /etc/passwd file, LDAP, etc.) and the 0 return code is saying the id was not found. If the 10211 user id does exist locally on the /etc/passwd file, you might be encountering an issue where an earlier record before the 10211 id is corrupted or has a bad character which is causing the getpwuid_r function to not find the 10211 record in the /etc/passwd file. I have seen something similar happen with a poorly formatted record in the /etc/group file, which caused MQ to miss later group records when it was parsing the /etc/group file with the getgrent function.
Anyway, it might be worth checking. You can use the "od -c /etc/passwd" command (octal dump) to help see if there is a record with a bad format.
Thanks,
Tim
From: MQSeries List [mailto:MQSERIES-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org] On Behalf Of Tim Zielke
Sent: Friday, July 26, 2013 2:52 PM
To: MQSERIES-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org
Subject: Re: Weird 2035 with FTE
Ok, I misunderstood. I thought you had written a separate C test stub program to test the functions that were failing, to see if they also failed with the test stub.
The only other suggestion I have is running an strace on the C sample program that works and the FTE process that does not. I have found that helpful in the past with debugging these types of issues on Linux/UNIX, especially when you can compare something that is working with something that is not.
Thanks,
Tim
From: MQSeries List [mailto:MQSERIES-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org] On Behalf Of T.Rob
Sent: Friday, July 26, 2013 11:35 AM
To: MQSERIES-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org
Subject: Re: Weird 2035 with FTE
Hi Tim,
My testing was by using several things other than WMQ FTE to connect to MQ. It's WMQ making the getpwuid or getpwuir_r call and I'm just assuming that it would make the same call regardless of what connects to it. It seems pretty straightforward to first get the UID of the process, then walk the group entries and that it would do the same procedure for any type of connection. However, FTE may have access to some privileged API calls. I remember a while back when FTE 7.0.1 didn't work with WMQ 7.0.1 (http://www-01.ibm.com/support/docview.wss?uid=swg1IC62582) in bindings mode and am wondering if this is a regression or similar problem.
Thanks - T.Rob
From: MQSeries List [mailto:MQSERIES-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org] On Behalf Of Tim Zielke
Sent: Friday, July 26, 2013 11:24 AM
To: MQSERIES-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org
Subject: Re: Weird 2035 with FTE
Hi T.Rob,
I noticed you said you tested a getpwuid call. Did you also test a getpwuid_r call? It looks like a getpwuid_r call was failing in that FDC, instead of a getpwuid call.
Thanks,
Tim
From: MQSeries List [mailto:MQSERIES-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org] On Behalf Of T.Rob
Sent: Friday, July 26, 2013 8:35 AM
To: MQSERIES-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org<mailto:MQSERIES-0lvw86wZMd9k/***@public.gmane.orgAC.AT>
Subject: Re: Weird 2035 with FTE
Hi Glen,
Been doing some more testing and verification.
* This is all local bindings mode. The Command and Coordination QMgrs are the same and none of the properties files has a client channel specified.
* No NFS involved. Executables are on dedicated SAN LUN.
* In addition to being able to run the C samples, I can run the IVTRun program so the WMQ JMS classes work.
* The executables in the FTE bin directory do not have any setuid bits set and are world-executable.
* The samples I'm using as my control test (amwqsget and amqsput) also do not have any setuid bits set and are world-executable.
Additionally, the issues with OAM you describe are further down the stack than this call is getting. Here's the relevant bits from FDC:
| Probe Description :- AMQ6125: An internal WebSphere MQ error has occurred. |
| FDCSequenceNumber :- 0 |
| Comment1 :- xcsGetpwuid failed to get password entry for process |
| with real uid 10211. |
| Comment2 :- Details: getuid() returned 10211; getpwuid_r(10211) |
| failed with errno=0. |
| Comment3 :- A user name of "UNKNOWN" will be used, which will |
| likely cause later authorisation failures. Note this FFST can be turned |
| off by exporting env var AMQ_NOFFST_PROCESS_UID. |
The FDC is cut under my ID rather than "UNKNOWN." The getuid() and getpwuid() calls appear to work in the test C code and IVT program, assuming these make the same OS API call as FTE.
I'm thinking this might be an FTE bug since it doesn't present anywhere but FTE. Unless the list has any other suggestions, I'm going to ask my client to open a PMR.
Thanks - T.Rob
$ dspmqver
Name: WebSphere MQ
Version: 7.1.0.2
Level: p710-002-121018
BuildType: IKAP - (Production)
Platform: WebSphere MQ for Linux (zSeries 64-bit platform)
Mode: 64-bit
O/S: Linux 2.6.32-358.11.1.el6.s390x
InstName: Installation1
InstDesc:
InstPath: /opt/mqm
DataPath: /var/mqm
Primary: Yes
MaxCmdLevel: 711
$ fteDisplayVersion -v
5655-U80, 5724-R10 Copyright IBM Corp. 2008, 2011. ALL RIGHTS RESERVED
Name: WebSphere MQ File Transfer Edition Server
Version: 7.0.4.3
Level: f704-FP3-20130429-1711
Platform: Linux (2.6.32-358.11.1.el6.s390x)
Architecture: s390
JVM: JRE 1.6.0 IBM J9 2.4 Linux s390-31 jvmxz3160sr12-20121024_126067 (JIT enabled, AOT enabled)
J9VM - 20121024_126067
JIT - r9_20120914_26057
GC - 20120928_AA
Product: /opt/ibm/WMQFTE
Configuration: /var/ibm/WMQFTE/config
WebSphere MQ Components:
Name: Common Services for Java Platform, Standard Edition
Version: 7.0.1.9
Level: k701-109-120705
$
From: MQSeries List [mailto:MQSERIES-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org] On Behalf Of Brumbaugh Glen
Sent: Thursday, July 25, 2013 17:39 PM
To: MQSERIES-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org<mailto:MQSERIES-0lvw86wZMd9k/***@public.gmane.orgAC.AT>
Subject: Re: Weird 2035 with FTE
T-Rob,
As you know, being in the mqm group does not provide any OAM rights. Most of these rights are assumed by user's to exist because of the sticky bits set on the binaries (e.g. runmqsc).
What is the Sticky Bit in MFT for the executable? Is the executable NFS mounted?
If you explicitly grant the necessary rights to your User ID do you still have the same problem?
There is a similar issue that you and I worked on for Message Broker using WMQ 7.5. There is an associated Technote 1442991. I know that you are aware of this but I include it for everyone on the list.
With that as background, I have frequently encountered files that are "owned" as the User ID "Unknown" when things were not set up correctly on NFS mounts. Could this be a combination of the Sticky Bit behavior and and a NFS mount issue?
Regards,
Glen Brumbaugh
Technology Manager
Prolifics
Global Technology Solutions Provider
On Jul 25, 2013, at 4:47 PM, T.Rob <t.rob-CkT6zf+urXSzW/GOMZKyElesiRL1/***@public.gmane.org<mailto:***@IOPTCONSULTING.COM>> wrote:
I know that's the case with client-connected things, but this is bindings
mode. My understanding was WMQ gets the ID from the process table in that
case, right?
-----Original Message-----
From: MQSeries List [mailto:MQSERIES-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org] On
Behalf Of Potkay, Peter M (CTO Architecture + Engineering)
Sent: Thursday, July 25, 2013 15:01 PM
To: MQSERIES-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org<mailto:MQSERIES-0lvw86wZMd9k/***@public.gmane.orgAC.AT>
Subject: Re: Weird 2035 with FTE
Jeff will be along shortly to confirm / correct this, but I seem to
remember
him saying here or on MQSeries.net<http://MQSeries.net> that for reasons I can't remember the
JVM won't have a reliable ID to use, so it sends none, so you are getting
the
ID of Unknown. The C language does not have that problem as the real ID
the process runs under is used.
Peter Potkay
-----Original Message-----
From: MQSeries List [mailto:MQSERIES-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org] On
Behalf Of T.Rob
Sent: Thursday, July 25, 2013 1:46 PM
To: MQSERIES-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org<mailto:MQSERIES-0lvw86wZMd9k/***@public.gmane.orgAC.AT>
Subject: Weird 2035 with FTE
Hi folks,
I'm seeing some weird behavior in FTE and was hoping someone else might
have some insight into what's going on. When I run fteListAgents in
bindings mode, under my ID, which is in the mqm group, I get a 2035 Type-
1 CONN NOT AUTHORIZED. When I use MS0P to view the event messages it
shows the ID connecting as "UNKNOWN." However, when I use the same
account to run amqsput and amqsget it works just fine. Is there something
in FTE or in Java that causes this?
I know that UNKNOWN is what gets returned when a user ID is too long.
But what would cause it to work under WMQ C code but fail under Java?
Thanks -- T.Rob
$ fteListAgents
5655-U80, 5724-R10 Copyright IBM Corp. 2008, 2011. ALL RIGHTS
RESERVED
BFGCL0033E: A messaging problem prevented the command from
completing successfully. The WebSphere MQ completion code was 2, and
the reason code was 2035. A connection could not be established to queue
manager [NAME OF COORD QMGR].
$ /opt/mqm/samp/bin/amqsput SYSTEM.DEFAULT.LOCAL.QUEUE [NAME
OF COORD QMGR] Sample AMQSPUT0 start target queue is
SYSTEM.DEFAULT.LOCAL.QUEUE Hello world!
Sample AMQSPUT0 end
$ /opt/mqm/samp/bin/amqsget SYSTEM.DEFAULT.LOCAL.QUEUE [NAME
OF COORD QMGR] Sample AMQSGET0 start message <Hello world!> no
more messages Sample AMQSGET0 end $
________________________________
List Archive<http://listserv.meduniwien.ac.at/archives/mqser-l.html> - Manage Your List Settings<http://listserv.meduniwien.ac.at/cgi-bin/wa?SUBED1=mqser-l&A=1> - Unsubscribe<mailto:LISTSERV-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org?subject=Unsubscribe&BODY=signoff%20mqseries>
Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com<http://www.lsoft.com/resources/manuals.asp>
________________________________
List Archive<http://listserv.meduniwien.ac.at/archives/mqser-l.html> - Manage Your List Settings<http://listserv.meduniwien.ac.at/cgi-bin/wa?SUBED1=mqser-l&A=1> - Unsubscribe<mailto:LISTSERV-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org?subject=Unsubscribe&BODY=signoff%20mqseries>
Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com<http://www.lsoft.com/resources/manuals.asp>
________________________________
List Archive<http://listserv.meduniwien.ac.at/archives/mqser-l.html> - Manage Your List Settings<http://listserv.meduniwien.ac.at/cgi-bin/wa?SUBED1=mqser-l&A=1> - Unsubscribe<mailto:LISTSERV-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org?subject=Unsubscribe&BODY=signoff%20mqseries>
Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com<http://www.lsoft.com/resources/manuals.asp>
________________________________
List Archive<http://listserv.meduniwien.ac.at/archives/mqser-l.html> - Manage Your List Settings<http://listserv.meduniwien.ac.at/cgi-bin/wa?SUBED1=mqser-l&A=1> - Unsubscribe<mailto:LISTSERV-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org?subject=Unsubscribe&BODY=signoff%20mqseries>
Instructions for managing your mailing list subscription are provided in the Listserv General Users Guide available at http://www.lsoft.com<http://www.lsoft.com/resources/manuals.asp>
To unsubscribe, write to LISTSERV-0lvw86wZMd9k/bWDasg6f+***@public.gmane.org and,
in the message body (not the subject), write: SIGNOFF MQSERIES
Instructions for managing your mailing list subscription are provided in
the Listserv General Users Guide available at http://www.lsoft.com
Archive: http://listserv.meduniwien.ac.at/archives/mqser-l.html