Secure Files in Folders

On the computers where labs or other data sources will post data files, restrict access to data files to prevent investigators and others from seeing data they should not see, such as blinded data and data from other sources.

  1. Set up a secure file transfer method:
    • Transfer files using a secure system process such as SFTP or a secure file synchronization service.
    • Isolate the file share from direct user access by using an indirect method of conveying files to the file share such as a dropbox.
  2. Use UNIX/Linux file system security: create a UNIX/Linux file system group and add to it the user IDs that require access:
    • The OS user ID that executes the DP Server that is running File Watcher. You set up this account during Oracle LSH installation.
    • OS user IDs that place files in the file share (using SFTP, for example).
    • The OS user ID that executes a program that places files in the file share (an automated file transfer or file synchronization program).
  3. Restrict access to the file share. Only the file owner and group should have any permissions. The other permissions should be empty. If the user ID running the DP Server is the same as the user ID used to transfer all files, then only owner file permissions are needed. Assuming this is not the case, grant permissions to both the file owner and group as follows.

    In /etc/bashrc or /etc/profile, set umask:

    umask 007

    With this umask, newly created directories and files receive the following permissions:

Table 4-1 Recommended Operating System Permissions

File Type   Description                                                                  Symbolic     Numeric
---------   --------------------------------------------------------------------------   ----------   -------
Directory   Owner and Group have Read, Write, and Execute; others have no permissions.   drwxrwx---   770
File        Owner and Group have Read and Write; others have no permissions.             -rw-rw----   660
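
The umask applies only to files created after it is set, by processes that inherit it, so content already in the file share can still carry wider permissions. The following script is an added example, not Oracle-supplied code: it lists entries that deviate from Table 4-1 and repairs them. The function names are hypothetical, and the share path and group are whatever the caller passes in.

```sh
#!/bin/sh
# Added example, not Oracle-supplied code. Share path and group are
# whatever the caller passes in; function names are hypothetical.

# Print entries under share $1 that grant "other" any permission bit
# or whose group is not $2. No output means the share is compliant.
audit_share() {
    find "$1" \( -perm -004 -o -perm -002 -o -perm -001 \
        -o ! -group "$2" \) -print
}

# One-time repair for entries that predate the umask change:
# group $2, directories 770, regular files 660 (Table 4-1).
repair_share() {
    chgrp -R "$2" "$1" &&
    find "$1" -type d -exec chmod 770 {} + &&
    find "$1" -type f -exec chmod 660 {} +
}

# Constructed demo share: one file created under umask 007 and one
# created under a typical default umask of 022.
demo() {
    share=$(mktemp -d) || return 1
    group=$(ls -ld "$share" | awk '{print $4}')
    ( umask 007; mkdir "$share/lab_a"; : > "$share/lab_a/new.csv" )
    ( umask 022; : > "$share/lab_a/legacy.csv" )
    echo "before repair:"; audit_share "$share" "$group"
    repair_share "$share" "$group"
    echo "after repair:";  audit_share "$share" "$group"
    rm -rf "$share"
}
demo
```

Running audit_share on a schedule against the real file share gives early warning when a transfer account or program creates files without the expected umask.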