Sensitive files and directories
Protect IDM files from access by unauthorized users. In particular, prevent other users from reading files in at least the
The objective is to limit access to the user that is running the service. Depending on the operating system and configuration, that user might be
openidm, or something similar.
Make sure that user and group ownership of the installation and project directories is limited to the user running the IDM service.
Disable access of any sort for
otherusers. One simple command for that purpose, from the
chmod -R o-rwx .
The IDM process in Windows is typically run by the
Local System service account.
If you are concerned about the security of this account, you can set up a service account that only has permissions for IDM-related directories, then remove User access to the directories noted above. You should also configure the service account to deny local and remote login. For more information, refer to the User Rights Assignment article in Microsoft’s documentation.