Disabling the security check of $ONEDB_HOME and subdirectories

You must never disable security checking on $ONEDB_HOME, but you can partially disable the automatic security check of a specific installation directory.

About this task

This task is intended only if you have no other recourse in order to do essential work on the database server and can accept the consequences of disabling security on $ONEDB_HOME. If you disable the security checking, you must use the ifmx_security.sh script to limit the number of SUID and SGID programs on your system.

Important: The following script causes HCL OneDB™ to run with an $ONEDB_HOME that has public write access, which can open up your system to security breaches.

To disable security checking:

Procedure

As the user root, run the $ONEDB_HOME/etc/record-installdir-is-insecure script.

After this script runs successfully, the warning messages still open when the utilities are run, but the programs continue. You can specify the value of $ONEDB_HOME on the command line as an argument to the script. Thus, you are not required to set $ONEDB_HOME in the root user environment.

Results

The record-installdir-is-insecure script creates a /etc/onedb directory (if necessary) that is owned by root and has 555 permissions. In this directory, the script creates a file named server-xx.xx.yyy that has 444 permissions. The xx.xx portion of the file name is the major version number and yyy portion is the fix pack number. This file lists the $ONEDB_HOME values for which security checking is disabled.

If you later upgrade HCL OneDB, you will be prompted to verify that you want to continue using an $ONEDB_HOME that is not secure in the newer version.