This content has been marked as final. Show 10 replies
The parameter that controls this is likely umask. It is an OS setting and is used to set the default permissions for files and directories created by a user -- in your case, likely oracle.
There are security ramifications to changing this setting as it will also affect the permissions of data files as they are created.
You could, possibly, create a cron script to change permissions for all files in a given directory to give read to the application users. May be run this every 10 minutes, or so.
Oracle software installation user is a criticalHi Werner,
userid, don't open a security hole. It's better to
create a specific application user with less database
privileges than 'oracle' (especially not part of
'dba' group), which performs datapump.
Do you have living example of changing OS level user to read/write datapump files?
According to Oracle Document, I don't think it's possible.
I think Ajallen is right, the actual dumpfile isNo, 'umask' setting of user doing data pump will not affect default permission of dump file in OS level. Oracle will default to 640 permission.
created by the OS and the file permissions depend on
'umask' setting of the particular user. Of course
additionally we need read-write access on the
datapump directory level.
And Like I said, the dump file will by default owned by 'oracle' user
%expdp userid=system schemas=testuser directory=imp_dir
-rw-r----- 1 oracle dba 205586432 May 29 13:40 expdat.dmp
I realize this is an old posting but thought this additional information may be of use to anyone that finds it as I did while looking for work arounds for this issue.
If your dump directory is owned by an application user you can issue a "chmod g+s <dump directory name>". This will cause newly created files (including .dmp files created by expdp) to inherit the group from the dump directory rather than end up with the "dba" group. So then you are in control. Initially the owner ofthe file will still be "oracle" but once you compress or copy the file it will be owned by the user who executed that command. At this point the "oracle" user won't be able to read the file so you will have to issue a "chmod o+r <file name>" to allow impdp to work for the file.