Impact on giving full permissions (777) on Project?

A forum for discussing DataStage<sup>®</sup> basics. If you're not sure where your question goes, start here.

Moderators: chulett, rschirm, roy

Post Reply
ulab
Participant
Posts: 56
Joined: Mon Mar 16, 2009 4:58 am
Location: bangalore
Contact:

Impact on giving full permissions (777) on Project?

Post by ulab »

HI DataStage Users,

What is the impact of giving full permissions (777) on Project folder,

We have a odd requirement:

On a Production box, only one project needs to be given RW access on the project XXX. So I was thinking if I give 777 permissions to that project, what is the impact? Will that work for my requirement?

Appreciate your inputs...

NOTE: I searched with few keywords in the foram but could not get any related posts:)

Thanks,
Bala,
Ulab----------------------------------------------------
help, it helps you today or Tomorrow
PaulVL
Premium Member
Premium Member
Posts: 1315
Joined: Fri Dec 17, 2010 4:36 pm

Post by PaulVL »

A recursive 2775 is what I give. I set the project GROUP ownership to dstage group. That way no tourists who do not have permissions in the datastage group can alter the project path content.

Security team in your company will flag a 777 path most likely.
asorrell
Posts: 1707
Joined: Fri Apr 04, 2003 2:00 pm
Location: Colleyville, Texas

Post by asorrell »

Paul's suggestion to use the SGID bit is a good one, it also insures that all new files are owned by the dstage group, even if the creator doesn't have dstage as their primary group.

It can also be set with the "g+s" option of chmod:

$ ls -ld DevProject
drwxrwxr-x 7096 root dstage 4096 Aug 19 02:33 DevProject
$ chmod g+s DevProject
$ ls -ld DevProject
drwxrwsr-x 7096 root dstage 4096 Aug 19 02:33 DevProject
Andy Sorrell
Certified DataStage Consultant
IBM Analytics Champion 2009 - 2020
PaulVL
Premium Member
Premium Member
Posts: 1315
Joined: Fri Dec 17, 2010 4:36 pm

Post by PaulVL »

Don't forget the recursive part Andy.

for a pre-existing path... it's important.
qt_ky
Premium Member
Premium Member
Posts: 2895
Joined: Wed Aug 03, 2011 6:16 am
Location: USA

Post by qt_ky »

We standardized on using 2770 permissions and also follow it with a chmod -R o-rx command on the directory that holds the DataStage project subdirectory and all the related subdirectories of our own making.
Choose a job you love, and you will never have to work a day in your life. - Confucius
Post Reply