IDM 7.2.1

Sensitive files and directories

Protect IDM files from access by unauthorized users. In particular, prevent other users from reading files in at least the openidm/resolver/ and openidm/security/ directories.

The objective is to limit access to the user that is running the service. Depending on the operating system and configuration, that user might be root, Administrator, openidm, or something similar.

Protect sensitive files in Unix

  1. Make sure that user and group ownership of the installation and project directories is limited to the user running the IDM service.

  2. Disable access of any sort for other users. One simple command for that purpose, from the /path/to/openidm directory, is:

    chmod -R o-rwx .

Protect sensitive files in Windows

The IDM process in Windows is typically run by the Local System service account.

If you are concerned about the security of this account, you can set up a service account that only has permissions for IDM-related directories, then remove User access to the directories noted above. You should also configure the service account to deny local and remote login. For more information, see the User Rights Assignment article in Microsoft’s documentation.

Copyright © 2010-2022 ForgeRock, all rights reserved.