Configuration of the umask can be done by altering a property value in the <pas instance name>/conf/appserver.properties:
It is possible to configure different umask values depending on different values for psc.as.security.model which is a property in the following file:
<PAS instance name>/conf/appserver.propertiesThe
tcman.sh, invokes
tcmanager.sh from $DLC/servers/pasoe/bin
tcmanager.sh has a CASE condition to use the security model defined in the appserver.properties file where the possible values are: development, production, default, and *
Example: pasman config -I oepas1 | grep security
-Dpsc.as.security.model=developer
# DLC/servers/pasoe/bin/tcmanager.sh
# use umask to remove directory permissions:
# dev - no restrictions - use the system default rwxrwxrwx
# prod - restrict groups & others rwxrwx---
# def - use the umask value of the OS process
case ${_cfgsecmodel} in
dev* ) _cfgumask=0000 ;;
prod* ) _cfgumask=0007 ;;
def* ) _cfgumask="`umask`" ;;
* ) _cfgumask=0022 ;;
esac
Where:
- The development security model umask is 0000 which means the permissions of the files will be wide open.
- The production security model umask is 0007 which means world has no permissions at all.
- The default security model will use whatever the current user umask is configured as.
- The * security model allows the user to configure a umask of the user's choice, by default it uses a umask of 0022 which means group and world can read an execute but not write.
To see the current security model and umask configured use the following command:
<PAS Instance directory>/bin/tcman.sh env
Within the output a statement of the security-model and umask is listed:
security model: developer
file system umask 0000
