Setting the umask value in RSA Identity Governance & Lifecycle
Originally Published: 2017-09-22
Article Number
Applies To
Tasks
This article provides some general information about the 'umask' command and how exactly its relevant to RSA Identity Governance and Lifecycle.
The questions below about the umask command will be addressed in the article.
- Does the umask value always need to be set to '0022' in RSA Identity Governance and Lifecycle? Or, does it need to be set to this value only for a specific set of users?
- Does the umask value only need to be changed for the installation? Can it be changed back after the installation or is there a process which requires it?
- Does the installer check .bashrc or any other configuration files?
Resolution
You can setup umask in /etc/bashrc or /etc/profile file for all users. By default in most Linux system it is set to 0022 (022) or 0002 (002).
In RSA Identity Governance & Lifecycle, you are only concerned about below three OS users : (Below mentioned are OS users, not DB users)
- root
- oracle (the RSA Identity Governance and Lifecycle application runs as oracle)
- admin
In RSA Identity Governance & Lifecycle you can see from the /etc/profile or ~/.bashrc files that all of the above mentioned users have umask set to 0022. (022)
Does the umask value always need to be set to '0022' in RSA Identity Governance and Lifecycle? Or, does it need to be set to this value only for a specific set of users?
The umask value need not be changed while installing RSA Identity Governance & Lifecycle. It is usually set to default value (0022) for OS users.
Does the umask value only need to be changed for the installation? Can it be changed back after the installation or is there a process which requires it?
The umask value can be changed if required after installation. If you want all the directories/files to be created with specific permissions then the umask value needs to be changed. However, it is not recommended to change it, specifically when it is an RSA Identity Governance & Lifecycle environment. (i.e. keep it as 0022 which is the default value)
Does the installer check .bashrc or any other configuration files?
Every time you log in to a Linux system, a .bash_profile file is executed. The .bash_profile file is nothing but a combination of environment variable scripts and the umask command as seen in the output below.
. ~/setAFXEnv.sh . ./setDeployEnv.sh umask 022
You can also see below that the installer checks and performs all of these tests.
Running test : checkTotalMemory Running test : checkOracleRPMsPreReqs Running test : checkEtcHosts Running test : checkFqdnHasDomainFormat Running test : checkSwapSpace Running test : checkMinDiskSizes Running test : checkEntitlementPrereqs passwd oracle 500 Running test : checkEntitlementMatchingId passwd oracle 500 1 Running test : checkEntitlementPrereqs group oinstall 500 Running test : checkEntitlementPrereqs group dba 501 Running test : checkASMKernelDriver /opt/appliancePatches/asmlib Running test : checkUserInGroups oracle groupArray[@] Running test : checkRunLevel expectedRunlevels[@] Running test : checkEtcSecurityLimits oracle hard nofile 65536 Running test : checkEtcSecurityLimits oracle soft nofile 1024 Running test : checkEtcSecurityLimits oracle hard nproc 16384 Running test : checkEtcSecurityLimits oracle soft nproc 2047 Running test : checkEntitlementMatchingId passwd root 0 1 Running test : checkUserNotInGroup oracle root Running test : checkUMASK 0022 Running test : checkDNSResolution Running test : checkShmMount Running test : checkBootMount Running test : checkAFXPermissions oracle /home/oracle/AFX
From the above explanation it is clear that the installer does check .bashrc and any other configuration files necessary to perform the installation.
Notes
For more details about the umask command, refer to the following link: https://askubuntu.com/questions/44542/what-is-umask-and-how-does-it-work/276958
If a new user is created in the environment, it is the customer's responsibility to decide what the umask value needs to be as they would not be one of the three RSA-supplied users for use with RSA Governance & Lifecycle.
The Aveksa Installer always checks Aveksa_System.cfg.
Related Articles
How can account access be prevented when a password expires based on the Password Expiration Date in a Password Policy def… Number of Views RSA Announces the Availability of RSA Identity Governance and Lifecycle Appliance Updater Release Number of Views RSA Identity Governance and Lifecycle 7.1 Appliance Updater Guide Number of Views Request could not be handled error in RSA Identity Governance & Lifecycle Request Forms Number of Views RSA Identity Governance & Lifecycle March 2019 appliance updater fails to install OS patches in virtual application enviro… Number of Views
Trending Articles
RSA Authentication Manager 8.3 Dell 630 and 230 hardware appliance loses ability to access keyboard when running PING 4.0 … RSA SecurID software token .sdtid file fails to import into RSA SecurID Software Token 5.0 for Windows Setting up the RSA Authentication Agent API 8.5 on a Linux operating system RSA Release Notes for RSA Authentication Manager 8.8 How a Multi-App Entitlement Collector (MAEDC) resolves entitlement relationships with accounts and groups collected by a M…
Don't see what you're looking for?
