Security of the chunk files

For HCL OneDB™ security, store data in chunk files that are owned by user onedb, belong to group onedb, and have 660 permissions.

For non-root installations of HCL OneDB, the owner of the installation must also own the chunk files where data is stored. Chunk files for non-root installations of HCL OneDB must have permissions set to 600.

The directory holding the chunk files must be secure, following the same rules as those that ensure the installation directory is secure. Similarly, all other files and directories configured for use by HCL OneDB must be secure.

You can use the onsecurity utility to check if there are security problems with the directory holding the chunk files. The utility prints a diagnosis of any such problems, and can suggest a way to fix them.

Do not use /tmp as the directory for any log files or dump files. However, it is generally safe to create and use a subdirectory such as /tmp/onedb if the subdirectory has appropriately restricted permissions. Typically, a subdirectory like /tmp/onedb is owned by user and group onedb and does not have any public access permissions.