Understanding PS_HOME and PS_CFG_HOME Security

With the separation of the PS_HOME and PS_CFG_HOME directories, system administrators can implement more secure PeopleSoft deployments by restricting access within each of these directory structures.

This section describes the procedures and considerations involved in configuring these additional security options.

Note: Each site can elect to implement these security measures as needed according to individual security policies.

Note: Each PeopleSoft application you have licensed may have specific instructions regarding the implementation of these security measures. Always check your application-specific documentation for any information you need to consider to ensure both a secure environment and a properly functioning application.

Because the configuration files do not, by default, reside in PS_HOME, the PS_HOME installation can be locked down to prevent unauthorized access, whether by a user or by a system process. By making the PS_HOME directory read-only, processes running in the domain cannot write to PS_HOME or any of its subdirectories. Likewise, users with malicious intent are unable to delete or modify executable files in PS_HOME.

Securing PS_HOME involves making the directory read-only while ensuring that the following system elements retain sufficient access.

System Element: Application server

Application server domains need read access to the executable and binary files in PS_HOME to process requests and run application logic.

System Element: Process Scheduler

Process Scheduler domains need read access to the executable and binary files in PS_HOME to run batch processes. Also keep in mind these points:

  • The user creating a Process Scheduler domain on Windows needs read and write access to the Windows Registry.

  • The restricted OS user needs full-privilege access to the psreports folder (and its children). Process Scheduler and the Report Distribution agent inherit the restricted user's security settings, and they will need to create folders in psreports.

  • Oracle ProcMGR (Tuxedo) should be started with the restricted OS user ID.

  • On Windows, configure Process Scheduler using an administrator OS user: while logged in to Windows with the full-privilege OS user ID, create and configure the Process Scheduler domain so that the ODBC and nVision DLLs register properly.

System Element: File server/Windows workstations

The file server and/or Windows workstations running Application Designer need read-only access to PS_HOME to facilitate three-tier connections.

Note: These instructions do not apply to the PS_HOME residing on the web server for PIA or the PS_HOME on the database server.

Note: When implementing a read-only PS_HOME, remember that any location to which processes write files cannot be read-only. Settings for "temporary" and "output" directories should therefore not point inside the PS_HOME directory structure. For example, the default temporary directory locations are C:\Documents and Settings\<user>.PEOPLESOFT\Local Settings\Temp (Windows) and %root%\TMP (UNIX).

Note: All elements of your PeopleSoft implementation, such as Process Scheduler and SQR, can operate within a secure PS_HOME configuration.

The bare minimum that needs write access at the time a domain boots includes:

  • The domain directory: it must be possible to write content to the domain directory, although most of the configuration files in this directory can be read-only.

  • The domain LOGS directory: by default this is the LOGS directory beneath the domain directory. If this location is overridden in the configuration file, the relevant location must also be read-write.

  • The .adm directory: this subdirectory within the domain (if present) must also be read-write. This is required by Oracle Tuxedo.

  • The Archive directory: located within the domain directory, a copy of the .cfg file is archived here each time it is updated. This directory is also used by the Purge Cache PSADMIN option for application servers.

All other files in the PS_CFG_HOME directory tree can be made read-only to the user starting the domain.
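As an added example (not Oracle-supplied tooling), the following POSIX shell check audits a layout against the rules in this section: PS_HOME readable but not writable by the domain user and free of group/other write bits, the domain directory with its LOGS, Archive and .adm subdirectories writable, and any configured temporary or output location outside PS_HOME. The function name, argument order and the exit-status convention are assumptions; the directory names come from this section.

```shell
#!/bin/sh
# Audit a PS_HOME / domain directory layout against the access rules above. Constructed
# example, not Oracle-supplied tooling. Run it as the OS user that boots the domain: the
# -r/-w tests apply to the calling user (root bypasses them, so that test is skipped
# for root). Exit status 0 means no findings, 1 means at least one finding was printed.

finding() { echo "FINDING: $*"; FINDINGS=$((FINDINGS + 1)); }

# Usage: audit_ps_homes PS_HOME DOMAIN_DIR [LOGS_DIR] [WRITE_LOCATION...]
#   PS_HOME         the binaries tree that is supposed to be read-only
#   DOMAIN_DIR      the domain directory beneath PS_CFG_HOME
#   LOGS_DIR        LOGS location if overridden in the .cfg (default DOMAIN_DIR/LOGS)
#   WRITE_LOCATION  configured "temporary"/"output" directories; must not be in PS_HOME
audit_ps_homes() {
  ps_home=$1; domain=$2; logs=${3:-$2/LOGS}
  shift 2
  if [ "$#" -gt 0 ]; then shift; fi   # drop LOGS_DIR; what remains are write locations
  FINDINGS=0

  # 1. Domains need read (and traverse) access to the PS_HOME executables and binaries.
  if [ ! -r "$ps_home" ] || [ ! -x "$ps_home" ]; then
    finding "PS_HOME $ps_home is not readable by this user"
  fi

  # 2. Read-only PS_HOME: the domain user must not be able to write to it, and no entry
  #    may carry group/other write bits that let any process modify or delete executables.
  if [ "$(id -u)" -ne 0 ] && [ -w "$ps_home" ]; then
    finding "PS_HOME $ps_home is writable by the calling user"
  fi
  n=$(find "$ps_home" \( -perm -g+w -o -perm -o+w \) 2>/dev/null | wc -l | tr -d ' ')
  [ "$n" -eq 0 ] || finding "$n entries under PS_HOME are group- or other-writable"

  # 3. The bare minimum that must be writable when the domain boots: the domain
  #    directory, its LOGS (or the override), Archive, and .adm if Tuxedo created it.
  [ -d "$domain" ] || finding "domain directory $domain does not exist"
  for d in "$domain" "$logs" "$domain/Archive" "$domain/.adm"; do
    if [ -d "$d" ] && [ ! -w "$d" ]; then
      finding "$d must be writable by the domain user"
    fi
  done

  # 4. Locations that processes write to cannot live inside the read-only PS_HOME.
  for loc in "$@"; do
    case "$loc" in
      "$ps_home"|"$ps_home"/*) finding "$loc lies inside read-only PS_HOME" ;;
    esac
  done

  [ "$FINDINGS" -eq 0 ]
}
```

Invoke it as `audit_ps_homes /path/to/PS_HOME /path/to/PS_CFG_HOME/appserv/<domain> "" /path/to/tmp /path/to/output` and review each FINDING line before booting the domain.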

Some administrators may want to implement additional security and restrict access to PS_CFG_HOME. For example, in some cases you may want to take further steps to limit the privileges of the user starting a domain, or to lock down configuration files to prevent unintended configuration changes at runtime.