The file permissions on cicscli.log allow
only the owner (root) and group to read and write the file.
To improve security further:
- Set the permissions on the ⁄var⁄cicscli subdirectory to
restrict general access
chmod 0711 ⁄var⁄cicscli
This
means users cannot even see which files are in this directory.
- Allow ECI and EPI programs, and terminals, to start the Client daemon,
but allow only the root user to perform all other client administration. To
do this, restrict access to the <install_path>⁄cicscli
binary file, and allow general read and execute access to the ⁄var⁄cicscli subdirectory.