Minimal umask for Oracle 11g Installation
First as a bit of background, I am a systems administrator so I typically don't deal directly with Oracle databases/installations.
My question is if we can install Oracle 11GR2 with a more restrictive umask than 0022. We are attempting to create a build that is as secure as possible and I would like to set the umask to 0027 or better yet 0077 but I suspect that is going too far.
Everything that I can see in the documentation and online points to requiring a umask of 0022 but it seems like a bad practice to allow any user with a login to view any of oracles logs/trace files. Of course we limit which users have access to the system, but should someone manage to break into a different service account I would like to add another hurdle.
My question is if we can install Oracle 11GR2 with a more restrictive umask than 0022. We are attempting to create a build that is as secure as possible and I would like to set the umask to 0027 or better yet 0077 but I suspect that is going too far.
Everything that I can see in the documentation and online points to requiring a umask of 0022 but it seems like a bad practice to allow any user with a login to view any of oracles logs/trace files. Of course we limit which users have access to the system, but should someone manage to break into a different service account I would like to add another hurdle.
0