2416706 - Check file permissions for SAP HANA client hdbuserstore on application server | SAP Knowledge Base Article

SAP Knowledge Base Article - Preview

2416706 - Check file permissions for SAP HANA client hdbuserstore on application server

Symptom

  • The data files of the hdbuserstore on Linux/Unix are sometimes (depending on the installer) world-readable (file permissions644,  -rw-r--r--).
    Affected files are "SSFS_HDB.DAT" and "SSFS_HDB.KEY".
    By default these files are protected by the directory privileges which are set to 700 (drwx------).
    That means, only the owner of the directory can access theses files – independent of the broader file permission.
  • Depending on installers, system configuration, and directory permissions, the directory and the files may get world-readable.
    That means a local user on the operating system could use the data files content and gain unauthorized access to the HANA DB.

Read more...

Environment

  • hdbuserstore
  • SQL client

Product

SAP HANA 1.0, platform edition

Keywords

security, hdbclient, SQLclient, userstore, password, SSFS_HDB.KEY, SSFS_HDB.DAT , KBA , HAN-DB-CLI , SAP HANA Clients (JDBC, ODBC) , HAN-DB , SAP HANA Database , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP ONE Support launchpad (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.