SQL/MX 3.2.1 Management Manual (H06.26+, J06.15+)

ManualsBrandsHP ManualsServerHP Integrity NonStop H-Series

221

222

223

224

225

226

227

228

229

230

4. Alternatively, the SUPER.SUPER user can make sure that all modules can be written to only by

their respective owners by entering:

chmod 0644 /usr/tandem/sqlmx/USERMODULES/*

5. Make sure that all future modules that you create are writable only by you or the

USERMODULES directory owner by entering:

umask 022

Regardless of the current umask settings, this command makes module files (and OSS files in

general) that the user creates readable by all but writable only by the module owner and

creator.

6. Put this command into the shell script you use to invoke the SQL/MX compiler:

umask 022

mxcmp $*

Securing Locally Placed Modules

You secure locally placed modules from the local directory in which they reside. The objective

should be to assign the responsibility and accountability for safeguarding the integrity of each

locally placed module to its own creator and owner.

Proper security of the local directory requires that:

• The owner of the local directory be a trusted user.

• The sticky bit of the local directory be set.

• The compiled locally placed modules be writable only by the owner.

To secure the locally placed module directory:

1. Create the local directory by issuing the OSS command:

mkdir -p /usr/local-directory

2. Change the permission bits on the local directory so that ordinary users can freely create their

own user modules by issuing the OSS command:

chmod a+rwxt /usr/local-directory

Specifying the t permission argument option sets the sticky bit for the local directory, which

restricts file deletion and alteration there.

3. If the local directory already exists:

• Do not attempt to re-create the directory.

• Perform this OSS command:

chmod a+rwxt /usr/local-directory

4. To verify that the sticky bit of the local directory has been turned on, enter:

ls -ld /usr/local-directory

The output should look like this:

drwxrwxrwt 1 SUPER.SUPER SUPER 4096 Apr 1 06:26

/usr/local-directory

5. If the local directory is owned by someone other than the SUPER.SUPER (super ID) user and

you want to make the SUPER.SUPER user the owner, enter:

chown super.super /usr/local-directory

6. After you create a locally placed module, make sure that only the module owner and the

trusted owner of the local directory can modify, rename, or delete that module by entering:

chmod 0644 /usr/local-directory/locmod1

This command makes the locally placed module locmod1 readable and writable only by the

owner and readable by others.

Managing Modules 225