Sensitive files and directories
Protect IDM files from access by unauthorized users. In particular, prevent other users from reading files in at least the openidm/resolver/ and openidm/security/ directories.
The objective is to limit access to the user that is running the service. Depending on the operating system and configuration, that user might be root, Administrator, openidm, or something similar.
Protect sensitive files in Unix
- Make sure that user and group ownership of the installation and project directories is limited to the user running the IDM service.
- Disable access of any sort for other users. One simple command for that purpose, from the /path/to/openidm directory, is: chmod -R o-rwx .
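The following script is an added example, not part of the IDM documentation or product. It audits the resolver/ and security/ directories for the two conditions above (ownership by the service user and no permissions for "other") and applies the chmod from the guide as remediation. The function names, the installation path and the service user name (openidm) are assumptions.

```shell
#!/bin/sh
# Added example, not IDM's own tooling. Assumed usage:
#   audit_idm_tree /path/to/openidm openidm && echo clean
#   harden_idm_tree /path/to/openidm

# Print every path under DIR that is not owned by OWNER or that grants
# read, write or execute to "other" users. Returns 1 if anything was
# printed, 0 if the tree is clean.
audit_idm_dir() {
    dir=$1
    owner=$2
    offenders=$(find "$dir" \( ! -user "$owner" -o -perm -o=r -o -perm -o=w -o -perm -o=x \) -print)
    [ -z "$offenders" ] && return 0
    printf '%s\n' "$offenders"
    return 1
}

# Check the sensitive subdirectories the guide names under the install
# root. Fails if either is missing or either contains an offending path.
audit_idm_tree() {
    root=$1
    owner=$2
    status=0
    for sub in resolver security; do
        if [ ! -d "$root/$sub" ]; then
            printf 'missing: %s/%s\n' "$root" "$sub"
            status=1
            continue
        fi
        audit_idm_dir "$root/$sub" "$owner" || status=1
    done
    return "$status"
}

# Remediation from the guide: strip all "other" bits recursively.
# Ownership is deliberately not changed here; chown requires privileges
# the service user normally lacks and should be done by an administrator.
harden_idm_tree() {
    chmod -R o-rwx "$1"
}
```

Run the audit from cron or a deployment pipeline so that a permission regression (for example a keystore restored with 644) is caught before it is exploitable.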
Protect sensitive files in Windows
The IDM process in Windows is typically run by the Local System service account.
If you are concerned about the security of this account, you can set up a service account that only has permissions for IDM-related directories, then remove User access to the directories noted above. You should also configure the service account to deny local and remote login. For more information, refer to the User Rights Assignment article in Microsoft’s documentation.