on 12-29-2010 6:15 PM
Hi,
I have installed SAP Enterprise 4.7 Ext 200 with Windows 2003 Server Enterprise Edition and an Oracle 9.2 database. There are certain directories within ORACLE (sapdata, sapbackup, oraarch, etc.) where the Everyone group has the Full Control permission. According to the audit review, the Everyone group must not have full control, only read permission. Is that correct?
Regards,
Hi,
For the directory sapdataX, the only group that appears is Everyone, with the full control permission.
Can changing the file permissions to read-only bring consequences?
Thanks for all the help,
Regards,
Can you please give us the ACL (Access Control List) for the directory sapdata1?
Typically the installation is just setting additional Access Control Entries on directories below \oracle\<SAPSID> or \oracle\<SAPSID>\sapdataX. All entries inherited from parent directories are not changed by the installation.
Everyone = Full Control (which was the default in Windows Server 2003) is probably inherited from the disk volume level.
regards
Peter
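
An added example, not part of any reply in this thread: a PowerShell script that lists the Everyone entries on the Oracle directories and shows whether each one is explicit or inherited, which is the distinction the reply above draws. The root path `D:\oracle\SID` is a placeholder assumption; the script only reads ACLs and changes nothing.

```powershell
# Added example: report where "Everyone" ACEs on the Oracle directories come from.
param(
    # Assumption: placeholder root; replace with the real \oracle\<SAPSID> path.
    [string]$Root = 'D:\oracle\SID'
)

# Well-known SID for Everyone; matching by SID avoids localized group names.
$everyoneSid = 'S-1-1-0'
$sidType     = [System.Security.Principal.SecurityIdentifier]

function Get-EveryoneAce {
    param([string]$Path)
    $acl = Get-Acl -Path $Path
    # Include explicit and inherited rules, with identities returned as SIDs.
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.IdentityReference.Value -eq $everyoneSid) {
            New-Object PSObject -Property @{
                Path      = $Path
                Type      = $ace.AccessControlType
                Rights    = $ace.FileSystemRights
                # True means the entry comes from a parent (e.g. the volume root).
                Inherited = $ace.IsInherited
                # True means this directory blocks inheritance from its parent.
                Protected = $acl.AreAccessRulesProtected
            }
        }
    }
}

# Check the root itself plus its immediate subdirectories (sapdataX, oraarch, ...).
$dirs = @($Root) + @(Get-ChildItem -Path $Root |
    Where-Object { $_.PSIsContainer } |
    ForEach-Object { $_.FullName })

$dirs | ForEach-Object { Get-EveryoneAce -Path $_ } |
    Select-Object Path, Type, Rights, Inherited, Protected |
    Format-Table -AutoSize
```

Rows with `Inherited = True` point to an entry set higher up the tree, so the change belongs on the parent or volume rather than on each sapdata directory.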
Hi,
Yes, in a Windows environment the Everyone group should not be given full access.
On my Solman system, I gave read and execute only.
Giving read-only is considerable, since sapdata, oraarch, etc. should only be executed with the <sid>adm and ora<sid> users.
Similar to my explanation for the Unix environment, the last three digits are the permissions for everyone else,
which are set to r-x (read, no write access, execute).
Also, keeping an eye on user management and user access can prevent or minimize security leakage.
Hope it helps you.
rgds,
Alfonsus Guritno.
Thanks very much, but my OS is Windows 2003 Server.
Hi,
I have looked at all my systems.
The directories under /oracle/<SID> like sapdata, oraarch, etc. have permission 755 (drwxr-xr-x) and the owner is ora<sid>:dba,
so the proper permissions are full access for the owner, and the others have read-execute permission.
Hope it helps you.
rgds,
Alfonsus Guritno