Directory Permissions
- Shaun Morris
DDF_HOME
DDF_HOME is the directory where DDF is installed.Windows
Restrict access to sensitive files by ensuring that the only users with access privileges are “Administrators”. Right-click the file or directory noted below and follow this path “Full Control” Administrators”, “System”, and “Creator Owner” for Properties->Security->Advanced) for DDF_HOME (e.g., C:\ddf)
Restrict access to sensitive files by ensuring that only “System”, and “Administrators” have “Full Control” to the below files. To do so: right-click on the file or directory below and select Properties->Security->Advanced.
Delete any other groups or users listed with access to DDF_HOME/etc and DDF_HOME/deploy.
*NIX
Protect the DDF from unauthorized access. As root, change the owner and group of critical DDF directories to the NON_ROOT_USER:
A NON_ROOT_USER (e.g., ddf) is recommended for installation.
chown -R NON_ROOT_USER $DDF_HOME $DDF_HOME/etc $DDF_HOME/data chgrp -R NON_ROOT_USER $DDF_HOME/etc $DDF_HOME/data chmod -R og-w $DDF_HOME/etc $DDF_HOME/data
Restrict access to sensitive files by ensuring that the only users with “group” permissions (e.g., ddf-group) have access to the following directories:
Execute the following as the above files (examples assume DDF_HOME is /opt/ddf):
chmod -R o /opt/ddf
As the the application owner (e.g., ddf user), restrict access to sensitive files:
chmod 640 /opt/ddf/etc chmod 640 /opt/ddf/deploy