cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Regarding Trans Directory Permissions

Former Member

on ‎03-12-2008 6:24 AM

0 Kudos

Hi All

The problem is that in trans directory in data and cofile directories the request when released was owned by root and sapsys group.

but now when i release a request it gets created by <sid>adm and sapsys group

Now what happens is that ... because trans directory is mounted at development and production (with quality as the domain controller)

the user is shown via its UID because there is no user with that id in either quality and production. Hence the request released by developement user is shown like it is owned by some ID in quality and production. What ideally shoul happen is that it should be owned by root.

The permissions and ownership are all OK .

Need very urgent help in this

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (1)

Answers (1)

markus_doehr2
Active Contributor
‎03-12-2008 12:07 PM
0 Kudos

Now what happens is that ... because trans directory is mounted at development and production (with quality as the domain controller)

the user is shown via its UID because there is no user with that id in either quality and production. Hence the request released by developement user is shown like it is owned by some ID in quality and production. What ideally shoul happen is that it should be owned by root.

No.

The files shouldn´t be owned by root but by the owner of the exporting system and the group "sapsys" which should be the same on all systems. Then you can read and write with the group ID.

Markus

Show replies
Show replies
Former Member
‎03-12-2008 12:13 PM
0 Kudos

Thanks a lot Markus

But the GID in quality and development are same, but production has a different GID. And UID in all three systems are different

So is there a solution where i dont have to change the UID or GID of the systems

Regards

Vishesh

markus_doehr2
Active Contributor
‎03-12-2008 12:19 PM
0 Kudos

Well... then you have a "problem"...

A unique group is essential to be able to transport (see the installation guides)...

What you can do short term is e. g. to write a small cron job that will change the permissions (execute every minute e. g.). Another possibility is to change the umask of the exporting system and make the files world writable.

Changing a GID is not that difficult and critical - you can run a small script (find + exec) to change it.

Markus

Former Member
‎03-12-2008 12:27 PM
0 Kudos

Thanks a lot Markus

Points rewarded !!

One more thing....

What about auditing .... i can write a cronjob to change the permissions every minute but wouldnt that cause some auditing issues.... i joined this project and got the issue as it is.... so i just want to resolve it..

what would u suggest ... should i change the permissions on hrd hrq or hrp as the problem only comes when ddic objects activation is involved .... they get activated on hrq as it has the same GID as hrd but on hrp it neither has same GID nor UID.

Cheers !!

Vishesh

markus_doehr2
Active Contributor
‎03-12-2008 12:33 PM
0 Kudos

What about auditing .... i can write a cronjob to change the permissions every minute but wouldnt that cause some auditing issues.... i joined this project and got the issue as it is.... so i just want to resolve it..

If you need to be SOX (or any other ISO-something) conform I suggest you plan a downtime on HRP and change the GID and document it explicitly. Once this is done you shouldn´t face any more problems, neither technically nor auditing-wise.

Markus

Ask a Question