Note
A new authorization concept came into effect with database version 7.5.
See Database Administration, Special Operating System Users and Groups (Unix and Linux).
The measures described in the following are relevant only for database versions < 7.5.
Up to and including database version 7.4.03, access rights in SAP systems on Unix and Linux were automatically configured during installation as follows.
Directory |
Privilege |
Owner |
Group |
Comments |
---|---|---|---|---|
/sapdb/<SID>/sapdata |
750 |
sqd<sid> |
sapsys |
- |
/sapdb/<SID>/saplog |
750 |
sqd<sid> |
sapsys |
- |
/sapdb/<SID>/sapsys |
750 |
sqd<sid> |
sapsys |
- |
/sapdb/<SID>/dbsys |
750 |
sqd<sid> |
sapsys |
No longer applies as of 7.4 |
/sapdb/<SID>/db |
750 |
sqd<sid> |
sapsys |
If a database version 7.5 or higher is installed on a computer together with an older version, change the access privileges for the directory /sapdb/<SID>/db of the older database version to 755 to ensure that the database processes of the newer versions have unrestricted access to it. |
File |
Privilege |
Owner |
Group |
Comments |
---|---|---|---|---|
/sapdb/<SID>/sapdata/* |
660 |
sqd<sid> |
sapsys |
- |
/sapdb/<SID>/saplog/* |
660 |
sqd<sid> |
sapsys |
- |
/sapdb/<SID>/sapsys/* |
660 |
sqd<sid> |
sapsys |
- |
/sapdb/<SID>/dbsys/sys |
660 |
sqd<sid> |
sapsys |
No longer applies as of version 7.4 |
Raw Device |
Privilege |
Owner |
Group |
Comments |
---|---|---|---|---|
Raw devices for the database system |
660 |
sqd<sid> |
- |
Link to the raw devices used as data volumes or log volumes |
To restrict access rights, proceed as follows:
Save the original settings. To do so, enter the following commands:
cd /usr/sap ls -lR > sap_perm.txt
cd /sapmnt ls -lR > sap_sw.txt
cd /sapdb/<SID> ls -lR > sapdb_perm.txt
Grant the desired access privileges for files and directories using the chmod command:
chmod <access_rights_octal> <file_or_directory>
Example
chmod 750 /sapdb/<SID>/sap*
chmod 750 /sapdb/<SID>/sapdata/*
chmod 750 /sapdb/<SID>/saplog/*
...
Caution
Do not use chmod recursively. It is very easy to make unintended changes to authorizations when doing so.