
Permissions of Mounted Filesystems

Chuck Moreland
New Member

Permissions of Mounted Filesystems

We currently are having a discussion where I work as to what the standard permissions of a mounted file system should be.

1) Set the ownership of root, and give users permissions via a group.

2) Give ownership of the mount point to the application account, and give permissions to users via the group.

So the question at hand is: are there any security issues if a root mounted file system (i.e. /oracle) is owned by root? The preference is to have the application account own the mount, so the application owner can manage the filesystem.

Any help or thoughts. . .

5 REPLIES 5
Tibi Baraboi_1
Advisor

Re: Permissions of Mounted Filesystems

The application might check the UID of the owner. This is what informix is doing. So, for us the owner is informix not root.

Check with oracle to see what they need.

Regards,
Tibi Baraboi
Ashwani Kashyap
Honored Contributor
Solution

Re: Permissions of Mounted Filesystems

Oracle says that mount point should be owned by oracle.
Chuck Moreland
New Member

Re: Permissions of Mounted Filesystems

That is great. Do you have a doc number or white paper from Oracle that recommends this?
MANOJ SRIVASTAVA
Honored Contributor

Re: Permissions of Mounted Filesystems

We have the structure like this:

The database mount points are owned by the database, like oracle/informix.

The application is owned by application IDs, and the connection of logins to the database are managed by the DB admins. Ideally the mount points should be owned by the respective groups so that the upkeep is done by them and everything doesn't fall on the admins.

Also note that preferably the lost+found should still be owned by root!

Manoj Srivastava
Andrew Cowan
Honored Contributor

Re: Permissions of Mounted Filesystems

I always create all mount-points as root.system 0777, then change the ownerships and permissions on the mounted-directory. In my experience with several versions of Unix, if you don't do this, strange problems can arise.

It may seem insecure, but the mount-point is only exposed when there is no filesystem mounted over it, and since most filesystems tend to be mounted during boot, it never seems to cause me a problem.
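
The ownership points raised in the replies above can be checked on a running system. The following is an added example, not code from any poster: a POSIX sh function that audits the root directory of a mounted filesystem. The function name `audit_dir`, its arguments and the world-writable check are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. ls -ld is parsed rather than stat(1),
# whose availability and options differ between Unix variants.
#
# audit_dir DIR EXPECTED_OWNER
#   Prints one line per finding and returns the number of findings.
audit_dir() {
    a_dir=$1
    a_want=$2
    a_findings=0

    if [ ! -d "$a_dir" ]; then
        echo "$a_dir: not a directory"
        return 1
    fi

    # Field 1 is the mode string (e.g. drwxrwxr-x), field 3 the owner.
    a_mode=$(ls -ld "$a_dir" | awk '{print $1}')
    a_owner=$(ls -ld "$a_dir" | awk '{print $3}')

    if [ "$a_owner" != "$a_want" ]; then
        echo "$a_dir: owner is $a_owner, expected $a_want"
        a_findings=$((a_findings + 1))
    fi

    # Character 9 of the mode string is "other write"; character 10 is
    # t or T when the sticky bit is set.
    case $a_mode in
        ????????w[tT]*) ;;   # world-writable but sticky, like /tmp
        ????????w*)
            echo "$a_dir: world-writable without sticky bit ($a_mode)"
            a_findings=$((a_findings + 1))
            ;;
    esac

    # The thread's advice: lost+found stays owned by root.
    if [ -d "$a_dir/lost+found" ]; then
        a_lf=$(ls -ld "$a_dir/lost+found" | awk '{print $3}')
        if [ "$a_lf" != "root" ]; then
            echo "$a_dir/lost+found: owner is $a_lf, expected root"
            a_findings=$((a_findings + 1))
        fi
    fi

    return "$a_findings"
}

# Usage: sh audit.sh /oracle oracle
if [ "$#" -ge 2 ]; then audit_dir "$1" "$2"; fi
```

Run it against the mounted filesystem, not the bare mount-point directory: the two have separate ownership and modes, and only the mounted root is visible while the filesystem is mounted.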