Although the database files in a DBEnvironment (DBEFiles) are
secure from modification by unauthorized users, these files
can be removed or replaced by any user who has write permission
in the directory where the DBEnvironment resides. Therefore, the
DBEnvironment is not secure unless you restrict access to this
directory.
The special user hpdb must have write permission in the directory
in which you are creating the DBEnvironment. Additionally,
it is recommended that the directory which contains the DBEnvironment
be created with a mode of 755, be owned by userid hpdb, and be
associated with group bin. This is the most secure directory scheme; it
allows all system users read and
execute access to the files, but reserves write access only for
the special userid hpdb. Because ordinary users can access
the files in this directory only through ALLBASE/SQL, the DBEnvironment is
secure.
Use the following sequence of commands from the directory above
the one where the DBEnvironment will be located:
$ mkdir sampledb
$ chmod 755 sampledb
$ chgrp bin sampledb
$ chown hpdb sampledb
|
You can use the ll command to display the result:
drwxr-xr-x 2 hpdb bin 1024 Dec 17 15:56 sampledb
|
In addition, it is recommended that the user invoke ISQL and
connect to the DBEnvironment from a directory where the user
has write permission (but other than the directory where the
DBEnvironment resides). This allows the user to create
files such as isqlpro, isqlsyn, and command files, and to
customize individual access to a particular DBEnvironment. Although
users may change into the directory where the DBEnvironment resides
and invoke ISQL, they must still set isqlout to a filename
in a directory for which they have write permission. Refer to the
ALLBASE/ISQL Reference Manual for further information about the
isqlout file and connecting to a DBEnvironment.
