SAP Knowledge Base Article - Preview

2416706 - Check file permissions for SAP HANA client hdbuserstore on application server

Symptom

  • The data files of the hdbuserstore on Linux/Unix are sometimes (depending on the installer) world-readable (file permissions644,  -rw-r--r--).
    Affected files are "SSFS_HDB.DAT" and "SSFS_HDB.KEY".
    By default these files are protected by the directory privileges which are set to 700 (drwx------).
    That means, only the owner of the directory can access theses files – independent of the broader file permission.
  • Depending on installers, system configuration, and directory permissions, the directory and the files may get world-readable.
    That means a local user on the operating system could use the data files content and gain unauthorized access to the HANA DB.


Read more...

Environment

  • hdbuserstore
  • SQL client

Product

SAP HANA 1.0, platform edition

Keywords

security, hdbclient, SQLclient, userstore, password, SSFS_HDB.KEY, SSFS_HDB.DAT,Check file permissions for SAP HANA client hdbuserstore on application server, data files, hdbuserstore , Secure Storage in File System (AS ABAP), file permissions644 , KBA , HAN-DB-CLI , SAP HANA Clients (JDBC, ODBC) , HAN-DB , SAP HANA Database , Problem

About this page

This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).

Search for additional results

Visit SAP Support Portal's SAP Notes and KBA Search.