What are the recommended permissions for files & directories on a Unix / Linux Control-M/Agent? |
The following is a summary of the file & directory permissions recommended from version 6.x onwards for the Control-M/Agent on a Unix / Linux host. [ctm/backup (directory)]
This directory contains the dsect files of ended jobs.
6.1.03 permissions - drwxr-xr-x
6.2.01 permissions - drwx------
6.3.01 permissions - drwx------
6.4.01 permissions - drwx------
7.0.00 permissions - drwxr-----
8.0.00 permissions - drwx------
9.0.00 permissions - drwxr-xr-x
ctm/backup (Files)
6.1.03 permissions - rw-rw-rw owner is root
6.2.01 permissions - rw-r--r-- owner is the agent owner
6.3.01 permissions - rw-r--r-- owner is the agent owner
6.4.01 permissions - rw-r--r-- owner is the agent owner
7.0.00 permissions - drwx------ owner is the agent owner
8.0.00 permissions - drwx------ owner is the agent owner
9.0.00 permissions - drwxr-xr-x owner is the agent owner
[ctm/be_unix_mbx]
Directory deleted.
This directory contains a file used as a FIFO - IPC for tracker events. It's obsolete and doesn't appear in 6.2.01
[ctm/cm]
This directory contains the installations of all the CMs if any exist. It is the CM's responsibility to restrict access to its files and directories.
6.1.03 permissions - drwxr-xr-x
6.2.01 permissions - drwxrwxrwx
6.3.01 permissions - drwxrwxrwx
6.4.01 permissions - drwxrwxrwx
7.0.00 permissions - drwxr-xr-x
8.0.00 permissions - drwxr-xr-x
9.0.00 permissions - drwxr-xr-x
[ctm/data]
This directory contains configuration files for the agent and CMs. It also contains subdirectories for SSL files.
6.1.03 permissions - drwxr-xr-x
6.2.01 permissions - drwxr-xr-x
6.3.01 permissions - drwxr-xr-x
6.4.01 permissions - drwxr-xr-x
7.0.00 permissions - drwxr-xr-x
8.0.00 permissions - drwxr-xr-x
9.0.00 permissions - drwxr-xr-x
[ctm/data/SSL]
This directory contains subdirectories for the SSL option for CONTROL-M.
6.1.03 permissions - drwxr-xr-x
6.2.01 permissions - drwxr-xr-x
6.3.01 permissions - drwxr-xr-x
6.4.01 permissions - drwxr-xr-x
7.0.00 permissions - drwxr-xr-x
8.0.00 permissions - drwxr-xr-x
9.0.00 permissions - drwxr-xr-x
ctm/data/SSL/CERT
data/SSL/log
data/SSL/bin
6.1.03 permissions - drwxrwxrwx
6.2.01 permissions - drwxr-xr-x
6.3.01 permissions - drwxr-xr-x
6.4.01 permissions - drwxr-xr-x
7.0.00 permissions - drwxr-xr-x
8.0.00 permissions - drwxr-xr-x
9.0.00 permissions - drwxr-xr-x
[ctm/exe]
This directory contains most of the agent's executable files, shared libraries, utilities and launch scripts.
6.1.03 permissions - drwxr-xr-x
6.2.01 permissions - drwxr-xr-x
6.3.01 permissions - drwxr-xr-x
6.4.01 permissions - drwxr-xr-x
7.0.00 permissions - drwxr-xr-x
8.0.00 permissions - drwxr-xr-x ( directory name renamed to exe_800)
9.0.00 permissions - drwxr-xr-x ( directory name renamed to exe_800)
[ctm/JRE] This directory contains needed executable and libraries to run JAVA. 7.0.00 permissions - drwxr-xr-x 8.0.00 permissions - drwxr-xr-x 9.0.00 permissions - drwxr-xr-x
[ctm/locks]
This directory is new to 6.2.01 . it contains files used to synchronize access to agent resources.
6.1.03 permissions - N/A
6.2.01 permissions - drwxr-xr-x
6.3.01 permissions - drwxr-xr-x
6.4.01 permissions - drwxr-xr-x
7.0.00 permissions - drwxr-xr-x
8.0.00 permissions - drwxr-xr-x
9.0.00 permissions - drwxr-xr-x
[ctm/log] This directory is used by the installation of fix packs to save installation logs.
6.1.03 permissions - drwxr-xr-x
6.2.01 permissions - drwxr-xr-x
6.3.01 permissions - drwxr-x---
[ctm/onstmt]
This directory contain ON statements files for jobs that are executing.
6.1.03 permissions - drwxr-xr-x
6.2.01 permissions - drwx------
6.3.01 permissions - drwx------
6.4.01 permissions - drwx------
7.0.00 permissions - drwx------
8.0.00 permissions - drwx------
9.0.00 permissions - drwxr-xr-x
[ctm/patches]
This directory is used by the installation of fix packs to save backup files of old versions.
6.1.03 permissions - drwxr-xr-x
6.2.01 permissions - drwxr-xr-x
6.3.01 permissions - drwxr-x---
6.3.01 permissions - drwxr-x---
[ctm/pid]
This directory contain files that save the process IDs of agent processes. In 6.1.03 it contained a file only for the tracker.
6.1.03 permissions - drwxr-xr-x
6.2.01 permissions - drwxr-xr-x
6.3.01 permissions - drwxr-xr-x
6.4.01 permissions - drwxr-xr-x
7.0.00 permissions - drwxr-xr-x
8.0.00 permissions - drwxr-xr-x
9.0.00 permissions - drwxr-xr-x
[ctm/procid]
This directory contains status files for executing jobs.
6.1.03 permissions - drwxr-xr-x
6.2.01 permissions - drwx------
6.3.01 permissions - drwx------
6.4.01 permissions - drwx------
7.0.00 permissions - drwx------
8.0.00 permissions - drwx------
9.0.00 permissions - drwxr-xr-x
[ctm/proclog]
This directory contains debug log files.
6.1.03 permissions - drwxrwxrwx
6.2.01 permissions - drwxrwxrwx
6.3.01 permissions - drwxrwxrwx
6.4.01 permissions - drwxrwxrwx
7.0.00 permissions - drwxr-xr-x
8.0.00 permissions - drwxr-xr-x
9.0.00 permissions - drwxr-xr-x
Files
ctm/proclog
The permissions of the files can be set by defining the PROCLOG_MODE entry in OS.dat starting with 6.2.01.
6.1.03 permissions - -rw-rw-rw owner - root
6.2.01 permissions - -rw-r--r-- owner - agent user
6.3.01 permissions - -rw-r--r-- owner is the agent user, or root depending on who wrote the file.
6.4.01 permissions - -rw-r--r-- owner is the agent user, or root depending on who wrote the file.
7.0.00 permissions - -rw-r----- owner is the agent user, or root depending on who wrote the file.
8.0.00 permissions - -rw-r----- owner is the agent user, or root depending on who wrote the file
9.0.00 permissions - drwxr-xr-x
[ctm/scripts]
This directory contains maintenance scripts for the agent.
6.1.03 permissions - drwxrwxrwx
6.2.01 permissions - drwxr-xr-x
6.3.01 permissions - drwxr-xr-x
6.4.01 permissions - drwxr-xr-x
7.0.00 permissions - drwxr-xr-x
8.0.00 permissions - drwxr-xr-x
9.0.00 permissions - drwxr-xr-x
[ctm/status]
This directory contains the dsect files of executing jobs.
6.1.03 permissions - drwxr-xr-x
6.2.01 permissions - drwx------
6.3.01 permissions - drwx------
6.4.01 permissions - drwx------
7.0.00 permissions - drwx------
8.0.00 permissions - drwx------
9.0.00 permissions - drwxr-xr-x
Files
ctm/status
6.1.03 permissions - -rw-rw-rw owner - root
6.2.01 permissions - -rw-r--r-- owner - root
6.3.01 permissions - -rw-r--r-- owner - root
6.4.01 permissions - -rw-r--r-- owner - root
7.0.00 permissions - -rw-r--r-- owner - <user starting the Agent>
8.0.00 permissions - -rw-r--r-- owner - <user starting the Agent>
[ctm/sysout]
This directory contains the output files of jobs. It's world writable because all job owners should be able to write in it.
6.1.03 permissions - drwxrwxrwx
6.2.01 permissions - drwxrwxrwx
6.3.01 permissions - drwxrwxrwx
6.4.01 permissions - drwxrwxrwx
7.0.00 permissions - drwxr-xr-x
8.0.00 permissions - drwxr-xr-x
9.0.00 permissions - drwxrwsrwt
Files
ctm/sysout
The permissions of the files can be set by defining the SYSOUT_MODE entry in OS.dat.
6.1.03 permissions - -rw------- owner
6.2.01 permissions - -rw------- owner
6.3.01 permissions - -rw------- owner
6.4.01 permissions - -rw------- owner
7.0.00 permissions - -rw------- owner
8.0.00 permissions - -rw------- owner
[ctm/temp]
This directory contains temporary files used by the agent and CMs
6.1.03 permissions - drwxrwxrwx
6.2.01 permissions - drwxr-xr-x
6.3.01 permissions - drwxr-xr-x
6.4.01 permissions - drwxr-xr-x
7.0.00 permissions - drwxr-xr-x
9.0.00 permissions - drwxr-xr-x
Related Products:
|