pjohns
31st October 2001, 10:54
We are running Baan IVc4 on HPUX 11.00 and we're in the process of clamping down on security. One of the things we are looking at changing is the system umask from 00 to 022. All files created subsequently will have read/write access for the file owners but only read access for everyone else.
Could this potentially cause us any problems?
Thanks
PJ
patvdv
31st October 2001, 12:26
PJ,
umask value 022 is at least what it should be. I hope your system was not installed with a umask of 000.
pjohns
31st October 2001, 15:47
Thanks Pat,
I'll forward this info onto our UNIX Administrator.
It looks as if our system was initially set up with a umask of 000.
Thanks
PJ
Han Brinkman
31st October 2001, 17:17
I am not so sure about umask 022. This will have the consequence that e.g. a convert to runtime has to be done by one certain account. Furthermore the developers can't work on work that colleagues have developed.
Baan has a quick guide no. 1029 which will give you some more info.
Regards,
patvdv
31st October 2001, 17:29
Han,
Good comments. I was assuming a production environment here. We do not allow any maintenance (CRDD, patch install etc.) to be done by any other account than bsp. In that scenario a umask value of 022 is appropriate. For a development server you might consider a looser security to allow files under $BSE to be group (bsp) writeable.
Han Brinkman
31st October 2001, 17:32
Pat,
You are right, in a production environment it makes sense. However, personally I would like to know which administrator did what; I am not a fan of sharing accounts.
As described in the QC you can solve the problem as well with a group bit on the bshell.
Regards,
Han
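Added example, not part of any post in this thread: a POSIX shell script that shows the file modes produced by umask 000, 022 and 002 (the group-writable setting discussed for development servers), and a `find` check for files that are still world-writable, since a new umask only applies to files created afterwards. The function names and the scratch directory are assumptions for illustration; on a real system the audit would be pointed at a tree such as $BSE.

```shell
#!/bin/sh
# Added example: effect of umask on newly created files, plus an audit
# for files left world-writable from the time the system ran with umask 000.

# perms_with_umask MASK DIR
# Create an empty file in DIR under the given umask (in a subshell, so the
# caller's umask is untouched) and print its permission string.
perms_with_umask() {
    (
        umask "$1"
        f="$2/umask_$1.tmp"
        rm -f "$f"
        : > "$f"                    # created as 0666 with the umask bits cleared
        ls -l "$f" | cut -c1-10     # first 10 characters, e.g. -rw-r--r--
    )
}

# world_writable DIR
# List regular files under DIR that any user on the system can modify.
world_writable() {
    find "$1" -type f -perm -0002 -print
}

# Demonstration on a constructed scratch directory (not a real Baan tree).
demo() {
    d="${TMPDIR:-/tmp}/umask_demo.$$"
    mkdir "$d" || return 1
    for m in 000 022 002; do
        printf 'umask %s -> %s\n' "$m" "$(perms_with_umask "$m" "$d")"
    done
    echo "Still world-writable:"
    world_writable "$d"
    rm -rf "$d"
}

demo
```

Only the file created under umask 000 appears in the audit output, which is the state files created before the umask change remain in until their permissions are changed explicitly.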