Setting the umask value in RSA Identity Governance & Lifecycle
Originally Published: 2017-09-22
Article Number
Applies To
Tasks
This article provides some general information about the 'umask' command and how exactly its relevant to RSA Identity Governance and Lifecycle.
The questions below about the umask command will be addressed in the article.
- Does the umask value always need to be set to '0022' in RSA Identity Governance and Lifecycle? Or, does it need to be set to this value only for a specific set of users?
- Does the umask value only need to be changed for the installation? Can it be changed back after the installation or is there a process which requires it?
- Does the installer check .bashrc or any other configuration files?
Resolution
You can setup umask in /etc/bashrc or /etc/profile file for all users. By default in most Linux system it is set to 0022 (022) or 0002 (002).
In RSA Identity Governance & Lifecycle, you are only concerned about below three OS users : (Below mentioned are OS users, not DB users)
- root
- oracle (the RSA Identity Governance and Lifecycle application runs as oracle)
- admin
In RSA Identity Governance & Lifecycle you can see from the /etc/profile or ~/.bashrc files that all of the above mentioned users have umask set to 0022. (022)
Does the umask value always need to be set to '0022' in RSA Identity Governance and Lifecycle? Or, does it need to be set to this value only for a specific set of users?
The umask value need not be changed while installing RSA Identity Governance & Lifecycle. It is usually set to default value (0022) for OS users.
Does the umask value only need to be changed for the installation? Can it be changed back after the installation or is there a process which requires it?
The umask value can be changed if required after installation. If you want all the directories/files to be created with specific permissions then the umask value needs to be changed. However, it is not recommended to change it, specifically when it is an RSA Identity Governance & Lifecycle environment. (i.e. keep it as 0022 which is the default value)
Does the installer check .bashrc or any other configuration files?
Every time you log in to a Linux system, a .bash_profile file is executed. The .bash_profile file is nothing but a combination of environment variable scripts and the umask command as seen in the output below.
. ~/setAFXEnv.sh . ./setDeployEnv.sh umask 022
You can also see below that the installer checks and performs all of these tests.
Running test : checkTotalMemory Running test : checkOracleRPMsPreReqs Running test : checkEtcHosts Running test : checkFqdnHasDomainFormat Running test : checkSwapSpace Running test : checkMinDiskSizes Running test : checkEntitlementPrereqs passwd oracle 500 Running test : checkEntitlementMatchingId passwd oracle 500 1 Running test : checkEntitlementPrereqs group oinstall 500 Running test : checkEntitlementPrereqs group dba 501 Running test : checkASMKernelDriver /opt/appliancePatches/asmlib Running test : checkUserInGroups oracle groupArray[@] Running test : checkRunLevel expectedRunlevels[@] Running test : checkEtcSecurityLimits oracle hard nofile 65536 Running test : checkEtcSecurityLimits oracle soft nofile 1024 Running test : checkEtcSecurityLimits oracle hard nproc 16384 Running test : checkEtcSecurityLimits oracle soft nproc 2047 Running test : checkEntitlementMatchingId passwd root 0 1 Running test : checkUserNotInGroup oracle root Running test : checkUMASK 0022 Running test : checkDNSResolution Running test : checkShmMount Running test : checkBootMount Running test : checkAFXPermissions oracle /home/oracle/AFX
From the above explanation it is clear that the installer does check .bashrc and any other configuration files necessary to perform the installation.
Notes
For more details about the umask command, refer to the following link: https://askubuntu.com/questions/44542/what-is-umask-and-how-does-it-work/276958
If a new user is created in the environment, it is the customer's responsibility to decide what the umask value needs to be as they would not be one of the three RSA-supplied users for use with RSA Governance & Lifecycle.
The Aveksa Installer always checks Aveksa_System.cfg.
Related Articles
Artifacts to gather in RSA Identity Governance & Lifecycle Number of Views Optimal value for CollectorRawDataSetsToKeep in RSA Identity Governance & Lifecycle Number of Views How to check local file system disk space usage for RSA Identity Governance & Lifecycle Number of Views How to configure a global default Circuit Breaker threshold value in RSA Identity Governance & Lifecycle Number of Views How to recover the AveksaAdmin account password in RSA Identity Governance & Lifecycle 7.0.2 P02 and above Number of Views
Trending Articles
Downloading RSA Authentication Manager license files or RSA Software token seed records RSA Release Notes for RSA Authentication Manager 8.8 RSA Authentication Manager 8.9 Release Notes (January 2026) Download RSA SecurID Access Cloud User Event audit logs using Cloud Administration REST API CLU RSA SecurID Software Token 5.0.2 for Windows Desktop displays message after reboot due to roaming profile: No token stor…
Don't see what you're looking for?
