Before you begin
WebSphere Application Server depends on several configuration files created during installation. These files contain password information and need protection. Although the files are protected to a limited degree during installation, this basic level of protection is probably not sufficient for your site. Verify that these files are protected in compliance with the policies of your site.
For example, give permission to the user who logs onto the system for WebSphere Application Server primary administrative tasks. Other users or groups, such as WebSphere Application Server console users and console groups, who perform partial WebSphere Application Server administrative tasks, like configuring, starting servers and stopping servers, need permissions as well.
Steps for this task
The customization jobs that are generated provide the following functions:
Note: All files in WAS_HOME/config directory must have write and read access by all members of the WebSphere Configuration group, but must not be accessible by everyone (mode 770). All files in WAS_HOME/properties must have write and read access by all members of the WebSphere Configuration group. Set the access permissions for the following files as it pertains to your security guidelines:
For example, you might issue the following command: chmod 770 file_name where file_name is the name of the file listed previously. These files contain sensitive information such as passwords.
Results
After securing your environment, only the users given permission can access the files. Failure to adequately secure these files can lead to a breach of security in your WebSphere Application Server applications.What to do next
If there are any failures caused by file accessing permissions, check the permission settings.