SQL/MX 3.x Installation and Management Guide (H06.22+, J06.11+)
Managing Database Applications
HP NonStop SQL/MX Installation and Management Guide—640325-001
11-18
Securing User Modules
Proper security of the local directory requires that:
•
The owner of the local directory be a trusted user.
•
The sticky bit of the local directory be set.
•
The compiled locally placed modules be writable only by the owner.
To secure the locally placed module directory:
1. Create the local directory by issuing the OSS command:
mkdir -p /usr/local-directory
2. Change the permission bits on the local directory so that ordinary users can freely
create their own user modules by issuing the OSS command:
chmod a+rwxt /usr/local-directory
Specifying the t permission argument option sets the sticky bit for the local
directory, which restricts file deletion and alteration there.
3. If the local directory already exists:
•
Do not attempt to re-create the directory.
•
Perform this OSS command:
chmod a+rwxt /usr/local-directory
4. To verify that the sticky bit of the local directory has been turned on, enter:
ls -ld /usr/local-directory
The output should look like this:
drwxrwxrwt 1 SUPER.SUPER SUPER 4096 Apr 1 06:26
/usr/local-directory
5. If the local directory is owned by someone other than the SUPER.SUPER (super
ID) user and you want to make the SUPER.SUPER user the owner, enter:
chown super.super /usr/local-directory
6. After you create a locally placed module, make sure that only the module owner
and the trusted owner of the local directory can modify, rename, or delete that
module by entering:
chmod 0644 /usr/local-directory/locmod1
This command makes the locally placed module locmod1 readable and writable
only by the owner and readable by others.
7. Alternatively, the SUPER.SUPER user can make sure that all modules in the local
directory can be written to only by their respective owners by entering:
chmod 0644 /usr/local-directory/*