Configuring File Permission Security Policies
Background
During installation, the database sets permissions for its files, including files generated at run time (such as log files). File permissions are set as follows:
The permission of program directories in the database is set to 0750.
The permission for data file directories in the database is set to 0700.
During openGauss deployment, the directory specified by the tmpMppdbPath parameter in the XML configuration file is created for storing .s.PGSQL.* files. If the parameter is not specified, the /tmp/$USER_mppdb directory is created. The permissions of the directory and its files are set to 0700.
The permissions of data files and audit logs of the database, as well as data files generated by other database programs, are set to 0600. The permission of run logs is equal to or lower than 0640 by default.
Common OS users are not allowed to modify or delete database files and log files.
Directory and File Permissions of Database Programs
Table 1 lists some of the program directories and file permissions of the installed database.
Table 1 Program directories and file permissions
Suggestion
During installation, the database automatically sets permissions for its files, including files generated at run time (such as log files). The specified permissions meet permission requirements in most scenarios. If you have any special requirements for the related permissions, you are advised to periodically check the permission settings to ensure that the permissions meet the product requirements.
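One way to run the periodic check suggested above, as an added example that is not part of the openGauss documentation or tooling: it reports every entry that grants a permission bit beyond the modes listed in the Background section. The function names and the four directory arguments are assumptions, and GNU find is required.

```bash
#!/usr/bin/env bash
# Added example: list entries that grant more access than the documented modes.
# Requires GNU find (-perm /MASK, -printf). Function names are hypothetical.

# excess_perms MAX_MODE DIR [find tests...]
# Prints "mode path" for each entry under DIR that has a permission bit
# MAX_MODE lacks. Symlinks are skipped because their own mode is always 0777.
excess_perms() {
    local max=$1 dir=$2 mask
    shift 2
    # Bits that must NOT be set, e.g. MAX_MODE 0640 -> mask 0137.
    mask=$(printf '%04o' $(( 0777 & ~0$max )))
    find "$dir" ! -type l "$@" -perm "/$mask" -printf '%m %p\n'
}

# audit_perms APP_DIR DATA_DIR LOG_DIR TMP_DIR
# Returns 0 when nothing exceeds the documented modes, 1 otherwise.
audit_perms() {
    local app=$1 data=$2 log=$3 tmp=$4 findings
    findings=$(
        excess_perms 0750 "$app"  -type d   # program directories
        excess_perms 0700 "$data" -type d   # data file directories
        excess_perms 0600 "$data" -type f   # data files
        excess_perms 0640 "$log"  -type f   # run logs: 0640 or lower
        excess_perms 0700 "$tmp"            # tmpMppdbPath dir and .s.PGSQL.* files
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Example call (all four paths are placeholders for your deployment):
#   audit_perms /path/to/app /path/to/data /path/to/log /path/to/tmpMppdbPath
```

Run it as the database OS user from cron or a monitoring job and alert on a non-zero exit status; audit log directories can be checked the same way with `excess_perms 0600 DIR -type f`.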