Protecting Sensitive Files and Directories
Protect IDM files from access by unauthorized users. In particular, prevent other users from reading files in at least the openidm/resolver/ and openidm/security/ directories.
The objective is to limit access to the user that is running the service. Depending on the operating system and configuration, that user might be root, Administrator, openidm, or something similar.
Make sure that user and group ownership of the installation and project directories is limited to the user running the IDM service.
Disable access of any sort for other users. One simple command for that purpose, from the /path/to/openidm directory, is:
chmod -R o-rwx .
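To confirm that the ownership and permission steps above took effect, the following added example (not part of the IDM documentation or product) lists anything under the install directory that is still accessible to other users or not owned by the service account. The function names and the three command-line arguments are assumptions for illustration.

```shell
#!/bin/sh
# Added example: audit an IDM install against the ownership and permission guidance.
# Function names and command-line arguments are assumptions, not IDM tooling.

# List paths under $1 that grant any read, write or execute bit to "other".
# Symbolic links are skipped because their own mode bits do not control
# access to the link target.
idm_other_access() {
    find "$1" ! -type l \( -perm -0004 -o -perm -0002 -o -perm -0001 \) -print
}

# List paths under $1 whose owner is not $2 or whose group is not $3
# (names or numeric IDs are both accepted by find).
idm_wrong_owner() {
    find "$1" \( ! -user "$2" -o ! -group "$3" \) -print
}

# Report findings for install dir $1, service user $2, service group $3.
# Returns 0 when the tree is clean, 1 otherwise.
idm_audit() {
    idm_rc=0
    idm_out=$(idm_other_access "$1")
    if [ -n "$idm_out" ]; then
        printf 'Accessible to other users:\n%s\n' "$idm_out"
        idm_rc=1
    fi
    idm_out=$(idm_wrong_owner "$1" "$2" "$3")
    if [ -n "$idm_out" ]; then
        printf 'Not owned by %s:%s:\n%s\n' "$2" "$3" "$idm_out"
        idm_rc=1
    fi
    return "$idm_rc"
}

# Usage: sh idm_audit.sh /path/to/openidm openidm openidm
if [ "$#" -eq 3 ]; then
    idm_audit "$1" "$2" "$3"
fi
```

A non-zero exit status makes the script usable as a check in a deployment pipeline or a scheduled job.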
The IDM process in Windows is normally run by the Local System service account. If you are concerned about the security of this account, you can set up a service account that only has permissions for IDM-related directories, then remove User access to the directories noted above. You should also configure the service account to deny local and remote login. For more information, see the User Rights Assignment article in Microsoft's documentation.