Restricting Access to Database Resources (Unix and Linux up to Database Version 7.4.03)


Note

A new authorization concept came into effect with database version 7.5.

See Database Administration, Special Operating System Users and Groups (Unix and Linux).

The measures described in the following are relevant only for database versions < 7.5.

Up to and including database version 7.4.03, access rights in SAP systems on Unix and Linux were automatically configured during installation as follows.

Access Rights in SAP Systems up to and Including Database Version 7.4.03: Directories

| Directory | Privilege | Owner | Group | Comments |
|---|---|---|---|---|
| /sapdb/<SID>/sapdata | 750 | sqd<sid> | sapsys | - |
| /sapdb/<SID>/saplog | 750 | sqd<sid> | sapsys | - |
| /sapdb/<SID>/sapsys | 750 | sqd<sid> | sapsys | - |
| /sapdb/<SID>/dbsys | 750 | sqd<sid> | sapsys | No longer applies as of 7.4 |
| /sapdb/<SID>/db | 750 | sqd<sid> | sapsys | If a database version 7.5 or higher is installed on a computer together with an older version, change the access privileges for the directory /sapdb/<SID>/db of the older database version to 755. With this, you ensure that the database processes of the newer versions have unrestricted access to the directory. |

Access Rights in SAP Systems up to and Including Database Version 7.4.03: Files

| File | Privilege | Owner | Group | Comments |
|---|---|---|---|---|
| /sapdb/<SID>/sapdata/* | 660 | sqd<sid> | sapsys | - |
| /sapdb/<SID>/saplog/* | 660 | sqd<sid> | sapsys | - |
| /sapdb/<SID>/sapsys/* | 660 | sqd<sid> | sapsys | - |
| /sapdb/<SID>/dbsys/sys | 660 | sqd<sid> | sapsys | No longer applies as of version 7.4 |

Access Rights in SAP Systems up to and Including Database Version 7.4.03: Raw Devices

| Raw Device | Privilege | Owner | Group | Comments |
|---|---|---|---|---|
| Raw devices for the database system | 660 | sqd<sid> | - | Link to the raw devices used as data volumes or log volumes |

Procedure

To restrict access rights, proceed as follows:

  1. Save the original settings. To do so, enter the following commands:

    cd /usr/sap
    ls -lR > sap_perm.txt

    cd /sapmnt
    ls -lR > sap_sw.txt

    cd /sapdb/<SID>
    ls -lR > sapdb_perm.txt

  2. Grant the desired access privileges for files and directories using the chmod command:

    chmod <access_rights_octal> <file_or_directory>

    Example

    chmod 750 /sapdb/<SID>/sap*

    chmod 750 /sapdb/<SID>/sapdata/*

    chmod 750 /sapdb/<SID>/saplog/*

    ...

    Caution

    Do not use chmod recursively. It is easy to make unintended changes to authorizations when doing so.

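The directory and file tables above can be checked with a read-only script before and after running chmod, so that deviations are found without touching anything recursively. The following is an added example, not part of the original SAP documentation: the function names and the constructed sample tree (vol_data_1, vol_log_1) are assumptions, and owner and group checks are left out.

```shell
#!/bin/sh
# Added example, not SAP code: read-only audit of a pre-7.5 database root
# against the mode tables above (directories 750, files inside them 660).
# Owner and group checks are omitted; nothing here calls chmod on real data.

# check_mode PATH OCTAL: print a line and return 1 if PATH's mode differs.
check_mode() {
    # find -prune with an exact -perm test is POSIX (no GNU-only stat flags)
    if [ -n "$(find "$1" -prune ! -perm "$2")" ]; then
        printf '%s: want %s, have %s\n' "$1" "$2" "$(ls -ld "$1" | cut -c1-10)"
        return 1
    fi
}

# audit_sapdb ROOT: one output line per deviation, status 1 if any was found.
audit_sapdb() {
    root=$1; bad=0
    for d in sapdata saplog sapsys db; do
        [ -d "$root/$d" ] || continue
        check_mode "$root/$d" 750 || bad=1
        [ "$d" = db ] && continue       # the file table has no row for db
        for f in "$root/$d"/*; do       # direct children only, no recursion
            [ -f "$f" ] && [ ! -L "$f" ] || continue
            check_mode "$f" 660 || bad=1
        done
    done
    return "$bad"
}

# make_sample ROOT: constructed tree for the demo, with two planted deviations.
make_sample() {
    mkdir -p "$1/sapdata" "$1/saplog" "$1/sapsys" "$1/db"
    : > "$1/sapdata/vol_data_1"; : > "$1/saplog/vol_log_1"
    chmod 750 "$1/sapdata" "$1/sapsys" "$1/db"
    chmod 755 "$1/saplog"               # deviation: world-readable directory
    chmod 660 "$1/saplog/vol_log_1"
    chmod 644 "$1/sapdata/vol_data_1"   # deviation: world-readable data file
}

# Usage on a real system: audit_sapdb /sapdb/<SID>
# Demo: run this script with "demo" as its only argument.
if [ "${1:-}" = demo ]; then
    tmp=$(mktemp -d) && make_sample "$tmp" && audit_sapdb "$tmp"
    rm -rf "$tmp"
fi
```

If /sapdb/<SID>/db has been set to 755 on purpose because a version 7.5 or higher database is installed alongside, the script reports that directory as a deviation and the line can be disregarded.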