Disabling the security check of INFORMIXDIR and subdirectories

You must never disable security checking on INFORMIXDIR, but you can partially disable the automatic security check of a specific installation directory.

About this task

This task is intended only if you have no other recourse in order to do essential work on the database server and can accept the consequences of disabling security on INFORMIXDIR. If you disable the security checking, you must use the ibmifmx_security.sh script to limit the number of SUID and SGID programs on your system.

Important: The following script causes HCL OneDB™ to run with an INFORMIXDIR that has public write access, which can open up your system to security breaches.

To disable security checking:

Procedure

As the user root, run the INFORMIXDIR/etc/informixdir-is-insecure script.
After this script runs successfully, the warning messages still appear when the utilities are run, but the programs continue. You can specify the value of INFORMIXDIR on the command line as an argument to the script, so you are not required to set INFORMIXDIR in the root user environment.

Results

The informixdir-is-insecure script creates a /etc/informix directory (if necessary) that is owned by root and has 555 permissions. In this directory, the script creates a file named server-xx.xx.yyy that has 444 permissions. The xx.xx portion of the file name is the major version number and the yyy portion is the fix pack number: for example, server-11.70.UC1. This file lists the $INFORMIXDIR values for which security checking is disabled.

If you later upgrade HCL OneDB, you will be prompted to verify that you want to continue using an INFORMIXDIR that is not secure in the newer version.
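To find hosts where this exemption has been applied, the marker files described under Results can be audited. The following is an added example, not a script shipped with the product: the function name `audit_informix_markers` is hypothetical, and it assumes each marker file holds one INFORMIXDIR path per line.

```shell
#!/bin/sh
# Added audit example (not a vendor script). Assumption: each marker file
# holds one INFORMIXDIR path per line.

# Print one stat field, trying GNU syntax first and BSD syntax second.
stat_field() {
    stat -c "$1" "$3" 2>/dev/null || stat -f "$2" "$3" 2>/dev/null
}

# Report every INFORMIXDIR exempted from security checking.
# Returns 0 when no exemption exists, 1 otherwise.
audit_informix_markers() {
    etc_dir=${1:-/etc/informix}
    if [ ! -d "$etc_dir" ]; then
        echo "OK: $etc_dir does not exist, no exemptions recorded"
        return 0
    fi
    # The page states the directory is owned by root with 555 permissions.
    [ "$(stat_field %U %Su "$etc_dir")" = root ] ||
        echo "WARN: $etc_dir is not owned by root"
    [ "$(stat_field %a %Lp "$etc_dir")" = 555 ] ||
        echo "WARN: $etc_dir mode is not 555"
    exemptions=0
    for marker in "$etc_dir"/server-*; do
        [ -f "$marker" ] || continue
        # The page states marker files have 444 permissions.
        [ "$(stat_field %a %Lp "$marker")" = 444 ] ||
            echo "WARN: $marker mode is not 444"
        while IFS= read -r dir || [ -n "$dir" ]; do
            [ -n "$dir" ] || continue
            exemptions=$((exemptions + 1))
            state="not world-writable"
            if [ ! -d "$dir" ]; then
                state="missing"
            else
                # Last octal digit 2, 3, 6 or 7 means "other" may write.
                case "$(stat_field %a %Lp "$dir")" in
                    *[2367]) state="WORLD-WRITABLE" ;;
                esac
            fi
            echo "EXEMPT: $dir ($state) listed in $marker"
        done < "$marker"
    done
    [ "$exemptions" -eq 0 ]
}
```

Source the file and call `audit_informix_markers` with no argument to check /etc/informix; a non-zero return means at least one installation directory is exempt from security checking.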