on 02-27-2012 7:42 PM
I have a requirement from the development teams to allow MDM to dump, and PI to pick up (and archive) from the same locations. Currently accounts are set with umask 0022 (as expected).
Are there any repercussions from setting OS umasks to 0002 to allow the MDM and PI os accounts from writing?
Is there a better way to handle this within SAP, or should it be kept as an OS mask task?
(note these will be NFSv3 mounted, thus not using setfacl for launch masking etc).
There won't be repercussions, except that security will be a bit weakened in one detail. You have to decide whether that's acceptable.
And umask 002 is used by SAP in some similar fields; files in /usr/sap/trans come to my mind for example. So I think you shouldn't worry here.
And no, I am not aware of a better way to handle this within SAP.
But maybe someone else will come up with that?
regards
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Good question!
Not sure about it; I suppose permissions of transport files are hard coded in the programs that create them. Or they are created with whatever permissions, and a chmod is done afterwards.
If you aren't the developer of your dump tool in MDM, i wouldn't expect you can change much...
I may be wrong though.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.