08-24-2015 3:30 PM
Hi Everyone,
I have a little question about the SSFS master key storage and access rights related to it.
The file:
/usr/sap/<SID>/SYS/global/security/rsecssfs/key/SSFS_<SID>.KEY
Should contain the master key used to decrypt the keys that are used to encrypt the data handled by the SAP HANA. (or at least i think so, so please correct me if I am wrong).
I am wondering why is this file accessible for "others" (read and execute) in the system that I am currently checking. Is this a security risk for the system? I cant find any good reason to have this file accessible for "others" as the whole SAP is running under <SID>adm.
Thanks for any clarifications
Much appreciated
Martin
08-25-2015 9:30 AM
Hi Martin,
Check the note 1639578 - SSFS as password store for primary database connect, it has mentioned to change the permissions after the SSFS config.
Regards,
Raja. G
08-25-2015 9:30 AM
Hi Martin,
Check the note 1639578 - SSFS as password store for primary database connect, it has mentioned to change the permissions after the SSFS config.
Regards,
Raja. G