permissions on redo log files

Former Member · ‎10-07-2008

I have received complain from people responsible for security of SAP data that redo log files have permission 755 (everyone can read from them)

I would like to get your input on the following :

- Is this a material risk?? In other words, how u201Ceasyu201D would it be to reconstruct something meaningful out of the redo-logs provided that you know exactly in which tables certain business data is stored ?

- This is apparently a SAP standard (can it be confirmed ?) Are there plans with SAP, as of certain release, to change this to a more secure file permission ?

- Is there any risk in changing these permissions to something more restrictive and what are the challenges ?

andreas_herzog · ‎10-09-2008

usually sapinst will implement the logfiles with permissions 640 (as with all data files as well)...so you'd change the permissions accordingly...

GreetZ, AH

former_member204746 · ‎10-08-2008

change it to 750.

check with Oracle specialists. this is not really a SAP problem.

change umask to 027 on a TST system and see what happens.

debasissahoo · ‎10-07-2008

Hi,

"Everybody can read from them" - the redo logs are present inside the server, and access to the server is limited to the admin team not to all. and online logs are are in binary format, it can only be used by the standard Oracle installation services.

Online redo logs are part of oracle logging mechanism, and it requires those permission. I've not yet seen somewhere SAP explicitly telling to give 755 permission to redologs.

hope this helps,

Debasis.

permissions on redo log files

Accepted Solutions (0)

Answers (3)

Answers (3)

Buildpack compile failed for python app

Re: Change of Granularity

Change of Granularity

Re: An internal server error occured: The MPL ID f...

Re: Entity in schema not found error when creating...