SQL/MX 2.x Installation and Management Guide (G06.24+, H06.03+)
Managing Database Applications
HP NonStop SQL/MX Installation and Management Guide—523723-004
11-19
Securing User Modules
Securing Locally Placed Modules
You secure locally placed modules from the local directory in which they reside. The
objective should be to assign the responsibility and accountability for safeguarding the
integrity of each locally placed module to its own creator and owner.
Proper security of the local directory requires that:
•
The owner of the local directory be a trusted user.
•
The sticky bit of the local directory be set.
•
The compiled locally placed modules be writable only by the owner.
To secure the locally placed module directory:
1. Create the local directory by issuing the OSS command:
mkdir -p /usr/local-directory
2. Change the permission bits on the local directory so that ordinary users can freely
create their own user modules by issuing the OSS command:
chmod a+rwxt /usr/local-directory
Specifying the t permission argument option sets the sticky bit for the local
directory, which restricts file deletion and alteration there.
3. If the local directory already exists:
•
Do not attempt to re-create the directory.
•
Perform this OSS command:
chmod a+rwxt /usr/local-directory
4. To verify that the sticky bit of the local directory has been turned on, enter:
ls -ld /usr/local-directory
The output should look like this:
drwxrwxrwt 1 SUPER.SUPER SUPER 4096 Apr 1 06:26
/usr/local-directory
5. If the local directory is owned by someone other than the SUPER.SUPER (super
ID) user and you want to make the SUPER.SUPER user the owner, enter:
chown super.super /usr/local-directory
6. After you create a locally placed module, make sure that only the module owner
and the trusted owner of the local directory can modify, rename, or delete that
module by entering:
chmod 0644 /usr/local-directory/locmod1
This command makes the locally placed module locmod1 readable and writable
only by the owner and readable by others.