2.4.6 File System Access to OS Users
This topic provides information on file system access to OS users.
Grant access rights to the Oracle Home, the WebLogic Server product directory, and the WebLogic domain directories only to the “WebLogic Owner” user. Privileged users have access to the WebLogic Server installation by default.
Users in the Others category can be restricted from reading the aforementioned directories.
- The security LDAP database, which is usually located in the WL_HOME\user_projects\domains\DOMAIN_NAME\servers\SERVER_NAME\data\ldap\ldapfiles directory.
- The keystore used in the keystore configuration of the server(s).
- The Root Certificate Authority keystore.
Oracle WebLogic Server provides persistent stores for several subsystems, some of which are used by Oracle FLEXCUBE Investor Servicing. Ensure that access to file-based persistent stores is restricted to the WebLogic owner OS user. The default persistent file store is located in the data\store\default directory under the servername subdirectory under the WebLogic domain’s root directory. If custom (user-defined) persistent stores have been created, apply the same restrictions to the files and directories used by those stores.
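As an added example (not part of the Oracle documentation or product), the following POSIX shell functions audit the locations named above for any access granted to Others and for ownership by an account other than the WebLogic owner. The function names, the forward-slash layout with the server directory under servers/ (as in the LDAP path above), and passing keystore or custom store paths as extra arguments are assumptions.

```shell
#!/bin/sh
# Added example, not Oracle tooling. Reports entries that the "others" class
# can access or that the WebLogic owner account does not own.
# Exit status: 0 = clean, 1 = findings, 2 = an expected path is missing.

# audit_paths OWNER PATH...
audit_paths() {
    owner=$1; shift
    result=0
    for p in "$@"; do
        if [ ! -e "$p" ]; then
            echo "MISSING $p"
            result=2
            continue
        fi
        # Any read, write or execute bit set for "others" (portable -perm form).
        hits=$(find "$p" \( -perm -004 -o -perm -002 -o -perm -001 \) -print |
               sed 's/^/OTHERS-ACCESS /')
        if [ -n "$hits" ]; then
            echo "$hits"
            if [ "$result" -eq 0 ]; then result=1; fi
        fi
        # Anything not owned by the WebLogic owner (name or numeric UID).
        hits=$(find "$p" ! -user "$owner" -print | sed 's/^/WRONG-OWNER /')
        if [ -n "$hits" ]; then
            echo "$hits"
            if [ "$result" -eq 0 ]; then result=1; fi
        fi
    done
    return "$result"
}

# audit_domain OWNER DOMAIN_DIR SERVER_NAME [KEYSTORE_OR_CUSTOM_STORE_PATH...]
# Checks the embedded LDAP files and the default persistent store, plus any
# extra paths supplied (keystores, custom store directories).
audit_domain() {
    wl_owner=$1; domain=$2; server=$3
    shift 3
    audit_paths "$wl_owner" \
        "$domain/servers/$server/data/ldap/ldapfiles" \
        "$domain/servers/$server/data/store/default" \
        "$@"
}
```

Run it as the WebLogic owner or a privileged user so that find can traverse the restricted directories.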