Setting Access Privileges for SAP System Directories Under UNIX/LINUX

We recommend that you restrict the file and directory access privileges as shown in the table below.

The access rights shown in the table below are automatically set in the installation procedures.

Setting Access Privileges for SAP System Directories and Files

| SAP Directory or Files | Access Privilege in Octal Form | Owner | Group |
|---|---|---|---|
| /sapmnt/<SID>/exe | 775 | <sid>adm | sapsys |
| /sapmnt/<SID>/exe/saposcol | 4755 | root | sapsys |
| /sapmnt/<SID>/global | 700 | <sid>adm | sapsys |
| /sapmnt/<SID>/profile | 755 | | |
| /usr/sap/<SID> | 751 | | |
| /usr/sap/<SID>/<Instance ID> | 755 | | |
| /usr/sap/<SID>/<Instance ID>/* | 750 | <sid>adm | sapsys |
| /usr/sap/<SID>/<Instance ID>/sec | 700 | <sid>adm | sapsys |
| /usr/sap/<SID>/SYS | 755 | <sid>adm | sapsys |
| /usr/sap/<SID>/SYS/* | 755 | <sid>adm | sapsys |
| /usr/sap/trans | 775 | <sid>adm | sapsys |
| /usr/sap/trans/* | 770 | <sid>adm | sapsys |
| /usr/sap/trans/.sapconf | 775 | <sid>adm | sapsys |
| <home directory of <sid>adm> | 700 | <sid>adm | sapsys |
| <home directory of <sid>adm>/* | 700 | <sid>adm | sapsys |
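
One way to audit the fixed-path rows of the table above, as an added example that is not SAP's own code. It assumes GNU stat (Linux); the function names are hypothetical, the SID ABC and instance directory D00 in the usage comment are constructed sample values, and the wildcard and home directory rows are left out.

```shell
# Added example (not SAP code). Assumes GNU stat, as found on Linux.
# Usage on a live system:  sap_table ABC D00 | audit_table ""

# check_entry PATH MODE [OWNER [GROUP]]
# Owner and group are compared only when given. Returns 0 if compliant,
# 1 on a mismatch, 2 if PATH does not exist.
check_entry() {
    path=$1; want_mode=$2; want_owner=${3:-}; want_group=${4:-}
    [ -e "$path" ] || { echo "MISSING $path"; return 2; }
    have_mode=$(stat -c '%a' "$path")
    have_owner=$(stat -c '%U' "$path")
    have_group=$(stat -c '%G' "$path")
    rc=0
    if [ "$have_mode" != "$want_mode" ]; then
        echo "MODE  $path is $have_mode, expected $want_mode"; rc=1
    fi
    if [ -n "$want_owner" ] && [ "$have_owner" != "$want_owner" ]; then
        echo "OWNER $path is $have_owner, expected $want_owner"; rc=1
    fi
    if [ -n "$want_group" ] && [ "$have_group" != "$want_group" ]; then
        echo "GROUP $path is $have_group, expected $want_group"; rc=1
    fi
    return $rc
}

# sap_table SID INSTANCE: prints "path mode [owner group]" rows from the table.
sap_table() {
    adm="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')adm"
    cat <<EOF
/sapmnt/$1/exe 775 $adm sapsys
/sapmnt/$1/exe/saposcol 4755 root sapsys
/sapmnt/$1/global 700 $adm sapsys
/sapmnt/$1/profile 755
/usr/sap/$1 751
/usr/sap/$1/$2 755
/usr/sap/$1/$2/sec 700 $adm sapsys
/usr/sap/$1/SYS 755 $adm sapsys
/usr/sap/trans 775 $adm sapsys
/usr/sap/trans/.sapconf 775 $adm sapsys
EOF
}

# audit_table ROOT: reads rows on stdin, checks ROOT+path for each row and
# returns the number of rows that failed (0 means fully compliant).
audit_table() {
    failures=0
    while read -r rel mode owner group; do
        check_entry "$1$rel" "$mode" "$owner" "$group" || failures=$((failures + 1))
    done
    return "$failures"
}
```

ROOT is a path prefix, so the same rows can be checked against a restored backup or a mounted image by passing its mount point instead of the empty string.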

UMASK

Newly created files have rights determined by UMASK definitions. A UMASK is a four-digit octal number that specifies the access rights that are not to be given to newly created files. You can define UMASKs in any of several files, including:

· .login

· .cshrc

· .profile

· /etc/profile

As with UNIX access rights, the corresponding octal positions represent user, group, and world access, and the value of the digit represents which access privileges should be removed (remove none = 0, remove write = 2, remove all = 7).

You can use the UMASK to automatically restrict permissions for newly created files. For example, by defining a UMASK of 0027, you specify that all newly created files have the access rights 750.