即使關閉了WebSphere MQ中的安全性，爲什麼還要獲得AMQ7077？

Question

在Windows7中，當我設置MQSNOAUT=yes時，一切正常，我可以在WebSphere MQ中執行任何操作。但在紅帽甚至設置後MQSNOAUT到yes我得到這個錯誤：

[root@RHEL6-135 bin]$ ll crtmqm 
-rwxrwxrwx. 1 mqm mqm 41822 Oct 22 2015 crtmqm 
[root@RHEL6-135 bin]$ crtmqm testqm 
AMQ7077: You are not authorized to perform the requested operation. 
[root@RHEL6-135 bin]$ 

使用mqm用戶我可以創建隊列管理器，但無法啓動：

[mqm@RHEL6-135 bin]$ crtmqm testqm 
WebSphere MQ queue manager created. 
Directory '/var/mqm/qmgrs/testqm' created. 
The queue manager is associated with installation 'Installation1'. 
Creating or replacing default objects for queue manager 'testqm'. 
Default objects statistics : 79 created. 0 replaced. 0 failed. 
Completing setup. 
Setup completed. 
[mqm@RHEL6-135 bin]$ strmqm testqm 
WebSphere MQ queue manager 'testqm' starting. 
The queue manager is associated with installation 'Installation1'. 
5 log records accessed on queue manager 'testqm' during the log replay phase. 
Log replay for queue manager 'testqm' complete. 
Transaction manager state recovered for queue manager 'testqm'. 
The queue manager ended for reason 545284129, ''. 
[mqm@RHEL6-135 bin]$ 

不幸的是，沒有任何有用的信息這些日誌文件：

/var/mqm/errors/AMQERR01.LOG：

----- amqxfdcx.c : 888 -------------------------------------------------------- 
03/14/2017 10:00:16 AM - Process(15859.1) User(mqm) Program(amqzmur0) 
        Host(RHEL6-135) Installation(Installation1) 
        VRMF(8.0.0.4) 
AMQ6125: An internal WebSphere MQ error has occurred. 

EXPLANATION: 
An internal error has occurred with identifier 2080520F. This message is 
issued in association with other messages. 
ACTION: 
Use the standard facilities supplied with your system to record the problem 
identifier and to save any generated output files. Use either the MQ Support 
site: http://www.ibm.com/software/integration/wmq/support/, or IBM Support 
Assistant (ISA): http://www.ibm.com/software/support/isa/, to see whether a 
solution is already available. If you are unable to find a match, contact your 
IBM support center. Do not discard these files until the problem has been 
resolved. 
... 
repeated 27 times! 

/var/mqm/qmgrs/testqm/errors/AMQERR01.LOG：

03/14/2017 10:00:16 AM - Process(15840.4) User(mqm) Program(amqzmuc0) 
        Host(RHEL6-135) Installation(Installation1) 
        VRMF(8.0.0.4) QMgr(testqm) 

AMQ5051: The queue manager task 'LOGGER-IO' has started. 

EXPLANATION: 
The critical utility task manager has started the LOGGER-IO task. This task has 
now started 1 times. 
ACTION: 
None. 
------------------------------------------------------------------------------- 
    .... 
------------------------------------------------------------------------------- 
03/14/2017 10:00:16 AM - Process(15859.6) User(mqm) Program(amqzmur0) 
        Host(RHEL6-135) Installation(Installation1) 
        VRMF(8.0.0.4) QMgr(testqm) 

AMQ5037: The queue manager task 'DEFERRED_DELIVERY' has started. 

EXPLANATION: 
The restartable utility task manager has started the DEFERRED_DELIVERY task. 
This task has now started 1 times. 
ACTION: 
None. 
------------------------------------------------------------------------------- 

的mqm用戶是sudoer和下面是我的/ etc /組文件的一部分：

root:x:0:root, mqm, bin 
adm:x:4:root,adm,daemon, mqm, mquser 
mqm:x:500:root, mqm 
mquser:x:502:mqm 

......無論如何，我認爲設置爲yes的MQSNOAUT變量應該足以與使用任何用戶的WebShpere MQ配合使用。也許與RedHat有關的問題導致了這個問題。

順便說一句，尋找The queue manager ended for reason 545284129, ''.，我找不到任何解決方案。

有什麼想法？

UPDATE

做完chmod -R 6550上/opt/mqm/bin，現在我就可以開始隊列管理器，並使用... IBM MQ的命令行二進制文件創建隊列，通道。爲了更方便，但是，我仍然無法使用MQ資源管理器，因爲當我運行MQExplorer我得到以下錯誤：

[mqm@RHEL6-135 bin]$ MQExplorer 
No protocol specified 
MQExplorer: Cannot open display: 
No protocol specified 
No protocol specified 
MQExplorer: Cannot open display: 
MQExplorer: 
An error has occurred. See the log file 
/var/mqm/IBM/WebSphereMQ/workspace-Installation1/.metadata/.log. 
[mqm@RHEL6-135 bin]$ 

與sudo運行它，我得到這個錯誤：

[mqm@RHEL6-135 bin]$ sudo MQExplorer 
[sudo] password for mqm: 
/opt/mqm/java/jre64/jre/bin/java: error while loading shared libraries: libjli.so: cannot open shared object file: No such file or directory 

(process:4451): Gtk-WARNING **: This process is currently running setuid or setgid. 
This is not a supported use of GTK+. You must create a helper 
program instead. For further details, see: 

    http://www.gtk.org/setuid.html 

Refusing to initialize GTK+. 
[mqm@RHEL6-135 bin]$ 

和該/var/mqm/IBM/WebSphereMQ/workspace-Installation1/.metadata/.log如下：

!SESSION 2017-03-15 16:41:52.369 ----------------------------------------------- 
eclipse.buildId=unknown 
java.fullversion=JRE 1.7.0 IBM J9 2.7 Linux amd64-64 Compressed References 20150630_255653 (JIT enabled, AOT enabled) 
J9VM - R27_Java727_SR3_20150630_2236_B255653 
JIT - tr.r13.java_20150623_94888.01 
GC - R27_Java727_SR3_20150630_2236_B255653_CMPRSS 
J9CL - 20150630_255653 
BootLoader constants: OS=linux, ARCH=x86_64, WS=gtk, NL=en_US 
Command-line arguments: -os linux -ws gtk -arch x86_64 

!ENTRY org.eclipse.osgi 4 0 2017-03-15 16:41:54.516 
!MESSAGE Application error 
!STACK 1 
org.eclipse.swt.SWTError: No more handles [gtk_init_check() failed] 
    at org.eclipse.swt.SWT.error(SWT.java:4423) 
    at org.eclipse.swt.widgets.Display.createDisplay(Display.java:925) 
    at org.eclipse.swt.widgets.Display.create(Display.java:909) 
    at org.eclipse.swt.graphics.Device.<init>(Device.java:156) 
    at org.eclipse.swt.widgets.Display.<init>(Display.java:507) 
    at org.eclipse.swt.widgets.Display.<init>(Display.java:498) 
    at org.eclipse.ui.internal.Workbench.createDisplay(Workbench.java:691) 
    at org.eclipse.ui.PlatformUI.createDisplay(PlatformUI.java:162) 
    at com.ibm.mq.explorer.ui.rcp.internal.base.RcpApplication.start(RcpApplication.java:88) 
    at org.eclipse.equinox.internal.app.EclipseAppHandle.run(EclipseAppHandle.java:196) 
    at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.runApplication(EclipseAppLauncher.java:110) 
    at org.eclipse.core.runtime.internal.adaptor.EclipseAppLauncher.start(EclipseAppLauncher.java:79) 
    at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:354) 
    at org.eclipse.core.runtime.adaptor.EclipseStarter.run(EclipseStarter.java:181) 
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) 
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:95) 
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:56) 
    at java.lang.reflect.Method.invoke(Method.java:620) 
    at org.eclipse.equinox.launcher.Main.invokeFramework(Main.java:636) 
    at org.eclipse.equinox.launcher.Main.basicRun(Main.java:591) 
    at org.eclipse.equinox.launcher.Main.run(Main.java:1450) 
    at org.eclipse.equinox.launcher.Main.main(Main.java:1426) 

日誌/堆棧跟蹤看起來像一個catch-all異常處理。我還沒有完全挖掘到這個錯誤，但也許它也是由一些權限問題造成的。例如，當MQExplorer嘗試從mqm的子目錄加載它的組件時，可能會出現一些授權錯誤！但是，在某些相關路徑上運行chmod -R 6550並不能解決問題。

Answer 1

設置MQSNOAUT=ANYVALUE僅在創建隊列管理器時設置MQ OAM的情況下才會關閉MQ OAM。這會導致qm.ini文件中爲您在創建時創建的隊列管理器省略了幾行內容。

如果OAM已關閉，則表示只有連接到隊列管理器的用戶才具有完全權限。

Unix上的隊列管理器本身仍然需要在mqm用戶標識下運行。

我注意到，你表現出在crtmqm二進制以下權限：

-rwxrwxrwx. 1 mqm mqm 

這是不正確的，在MQ在UNIX上安裝有許多與setuid權限的文件，因爲在屬於文件的權限創建於/var/mqm/qmgrs,/var/mqm/log,/var/mqm/sockets非常重要。從我做的研究中，545284129和2080520F錯誤與文件權限有關。我建議您將權限重置爲之前的權限，如果您不知道，那麼我會建議您刪除IBM MQ軟件並重新安裝。僅供參考下面是在crtmqm二元正常的權限：

-r-sr-s--- 1 mqm mqm 

一旦IBM MQ二進制文件的權限進行修正，我建議你使用dltmqm刪除您的隊列管理器，並確保沒有保持與該隊列管理器名稱在/var/mqm/qmgrs,/var/mqm/log,/var/mqm/sockets和/var/mqm/mqs.ini文件中。

清理完成後，再次以mqm用戶身份創建它並嘗試啓動它。我猜想

我建議你儘量不要禁用安全，而是設置適當的權限。即使這是一個開發環境，讓事情在啓用安全性的情況下也好得多。當您在禁用安全功能的情況下進行開發時，最終需要排查在真實環境中啓用安全性時以後無法使用的原因。

查看我對「Provide anonymous access to IBM WebSphere MQ」問題的回答，以獲取有關如何保持啓用安全性的更多信息，以及如果想要繼續執行此操作時禁用事件的更多信息。