Skip to Main Content
Integration


This is an IBM Automation portal for Integration products. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.


Status Not under consideration
Created by Guest
Created on Jan 31, 2023

Initial mqm user creation

Currently for new installs of IBM MQ on AIX or Linux platforms, where the mqm user is not already created, the mqm user is then created in /var/mqm because in previous steps of the installation the program had already created the /var/mqm directory to put in some files needed for MQ. So when it reaches the stage of checking the existence of the mqm user and decides to create it, the script selects a directory that already exists.

I believe that it would be a security best practice to separate an application (MQM user) home directory from the application's working directory. So, during the check for the existence of the mqm user and it doesn't find one, then it should create it in /home.

Idea priority Medium
  • Admin
    Mark Taylor
    Reply
    |
    Apr 18, 2023

    This Idea is being declined.

    We already document that's what we'll do if the mqm user doesn't exist at install time. As part of "Preparing the system on Linux" step 1 states "Set up a user ID of the name mqm, with a primary group of mqm." and then links off to "Setting up the user and group on Linux" which states in section "Creating the user ID and group":

    If you have special requirements for these IDs ( for example they need to have the same values as other machines you are using, or your users and group ID are centrally managed) you should create the IDs before running the installation procedure, using the groupadd and useradd commands to set the UID and GID the same on each machine.

    Note: The only IBM MQ requirement, is that the mqm user should have the mqm group as its primary group.

    So given the above, there is no requirement to have the home of the mqm user set to /var/mqm and you can override that if it is a concern.

    There is also no need to ever actually log in as the mqm user, so any considerations you might have for real userids do not need to apply here.