https://community.hpe.com/t5/operating-system-hp-ux/permissions-of-mounted-filesystems/m-p/2826075#M87629 The application might check the UID of the owner. This is what informix is doing. So, for us the owner is informix not root.<BR /><BR />Check with oracle to see what they need.<BR /><BR />Regards,<BR />Tibi Baraboi Tue, 15 Oct 2002 13:58:17 GMT Tibi Baraboi_1 2002-10-15T13:58:17Z https://community.hpe.com/t5/operating-system-hp-ux/permissions-of-mounted-filesystems/m-p/2826074#M87628 We currently are having a discussion where I work as to what the standard permissions of a mounted file system should be. <BR /><BR />1) Set the ownership of root, and give users permissions via a group.<BR /><BR />2) Give ownership of the mount point to the application account, and give permissions to users via the group.<BR /><BR />So the question at hand is: are there any security issues if a root mounted file system (ie: /oracle) is owned by root? The prefrence is to have the application account own the mount, so the application owner can manage the filesystem.<BR /><BR />Any help or thoughts. . .<BR /><BR /> Tue, 15 Oct 2002 13:53:11 GMT https://community.hpe.com/t5/operating-system-hp-ux/permissions-of-mounted-filesystems/m-p/2826074#M87628 Chuck Moreland 2002-10-15T13:53:11Z https://community.hpe.com/t5/operating-system-hp-ux/permissions-of-mounted-filesystems/m-p/2826075#M87629 The application might check the UID of the owner. This is what informix is doing. So, for us the owner is informix not root.<BR /><BR />Check with oracle to see what they need.<BR /><BR />Regards,<BR />Tibi Baraboi Tue, 15 Oct 2002 13:58:17 GMT https://community.hpe.com/t5/operating-system-hp-ux/permissions-of-mounted-filesystems/m-p/2826075#M87629 Tibi Baraboi_1 2002-10-15T13:58:17Z https://community.hpe.com/t5/operating-system-hp-ux/permissions-of-mounted-filesystems/m-p/2826076#M87630 Oracle says that mount point should be owned by oracle . Tue, 15 Oct 2002 14:04:01 GMT https://community.hpe.com/t5/operating-system-hp-ux/permissions-of-mounted-filesystems/m-p/2826076#M87630 Ashwani Kashyap 2002-10-15T14:04:01Z https://community.hpe.com/t5/operating-system-hp-ux/permissions-of-mounted-filesystems/m-p/2826077#M87631 That is great. Do you have a doc number or white paper from oracle that recomends this? Tue, 15 Oct 2002 14:07:26 GMT https://community.hpe.com/t5/operating-system-hp-ux/permissions-of-mounted-filesystems/m-p/2826077#M87631 Chuck Moreland 2002-10-15T14:07:26Z https://community.hpe.com/t5/operating-system-hp-ux/permissions-of-mounted-filesystems/m-p/2826078#M87632 We have the structure like this <BR /><BR />The Database mount points are owned by database like oracle/informix<BR /><BR />The application owned bu application ids , and the connection of logins to the database are managed by the DB admins , ideally the mount points hsould be owned by the respective groups so that the upkeep si done by them and everything doesnt fall on teh admins.<BR /><BR />Also note that preferable the lost+found should still be owned by root !<BR /><BR />Manoj Srivastava Tue, 15 Oct 2002 14:11:41 GMT https://community.hpe.com/t5/operating-system-hp-ux/permissions-of-mounted-filesystems/m-p/2826078#M87632 MANOJ SRIVASTAVA 2002-10-15T14:11:41Z https://community.hpe.com/t5/operating-system-hp-ux/permissions-of-mounted-filesystems/m-p/2826079#M87633 I always create all mount-points as root.system 0777, then change the ownerships and permissions on the mounted-directory. In my experience with several versions of Unix, is that if you don't do this, strange problems can-arise.<BR /><BR />It may seem insecure, but the mount-point is only exposed when there is no filesystem mounted over it, and since most filesystems tend to be mounted during boot, it never seems to cause me a problem.<BR /> Wed, 16 Oct 2002 07:37:05 GMT https://community.hpe.com/t5/operating-system-hp-ux/permissions-of-mounted-filesystems/m-p/2826079#M87633 Andrew Cowan 2002-10-16T07:37:05Z