Pete Finnigan's Oracle Security Forum (http://www.petefinnigan.com/forum/yabb/YaBB.cgi)
(Message started by: Pete Finnigan on Apr 14th, 2006, 4:24pm)

Title: umask on unix
Post by Pete Finnigan on Apr 14th, 2006, 4:24pm
Are there any recommendations about what to set the umask parameter to? The Oracle installation manuals say set it to 022 which gives permissions of 'rw-r--r--'. This gives read access to others which probably isn't a problem for binaries but it also allows read to others for all other files.

What do other shops do?

Title: Re: umask on unix
Post by Pete Finnigan on Apr 14th, 2006, 6:23pm
I typically follow Oracle's lead on the file permissions front. They have been doing *nix based software distributions for quite some time, and I haven't had any access control/privilege issues yet.

I would focus more on what other accounts you have authorized access to the server that is hosting Oracle. The fewer people with login access (I'm implying ssh) the more secure the environment. But, don't go too far. Best practices avoid shared accounts (for audit purposes), and limit access to those people who really need local access.

-Kevin Hrim

Title: Re: umask on unix
Post by Pete Finnigan on Apr 25th, 2006, 8:59pm
We set ours at 007.  This denies all world access to files created by our s/w owner account.  Mostly hasn't caused problems (have to change it for installs), except that users get no access to files they create in UTL_FILE_DIR.  Not a big deal for the apps I support; could be for others though.
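
The difference between the two umask values discussed in this thread, as an added example that is not part of any post above: it creates a file and a directory under 022 and under 007 and prints the resulting modes, then lists files that still grant access to "other". The function names and the scratch directories are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: modes produced by the umask values from the thread (022, 007).

# Print the octal mode of a path (GNU stat first, BSD stat as fallback).
octal_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# mode_under_umask <umask> <file|dir>
# Create a new file or directory in a scratch directory under the given
# umask and print its mode. The ( ) body is a subshell, so the caller's
# own umask is left unchanged.
mode_under_umask() (
    scratch=$(mktemp -d) || exit 1
    umask "$1"
    if [ "$2" = dir ]; then
        mkdir "$scratch/new"
    else
        : > "$scratch/new"      # created as 0666 minus the umask bits
    fi
    mode=$(octal_mode "$scratch/new")
    rm -rf "$scratch"
    printf '%s\n' "$mode"
)

# world_accessible <dir>
# List regular files under <dir> that grant any permission to "other",
# which is what a 022 umask leaves readable to every local account.
world_accessible() {
    find "$1" -type f \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Side-by-side result for the two values from the thread.
for mask in 022 007; do
    printf 'umask %s: file %s, directory %s\n' "$mask" \
        "$(mode_under_umask "$mask" file)" "$(mode_under_umask "$mask" dir)"
done
```

Under 007 the group keeps full access while "other" gets nothing, which matches the UTL_FILE_DIR effect described in the post above: accounts outside the software owner's group cannot read the files it creates.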

Title: Re: umask on unix
Post by Pete Finnigan on May 10th, 2006, 4:27pm
Jim and Kevin,

Thanks for the replies.

Joe


