Environment
Situation
How to restrict permissions on the ESEC_HOME folder.
Resolution
There is currently no comprehensive list of the permissions that must be granted to users for the system to function properly.
However, the following permissions are known to be required. This is not a comprehensive list and is intended only as a starting point:
For Sentinel Server:
1. The Sentinel service log on account needs read/write access to %ESEC_HOME%\configuration.xml and %ESEC_HOME%\.uuid. It also generates a temporary .lck file in this folder.
2. The Sentinel service log on account needs read access to %ESEC_HOME%\.keystore.
3. The Sentinel service log on account needs read access to all files in the %ESEC_HOME%\lib folder.
4. The Sentinel service log on account needs read access to all files/folders under the %ESEC_HOME%\Sun-1.4.2 folder.
6. The Sentinel service log on account needs read access to the files %ESEC_HOME%\utilities\.primary_key and %ESEC_HOME%\utilities\.secondary_key (if it exists).
7. The Sentinel service log on account needs read access to all files/folders under the %ESEC_HOME%\sentinel\bin folder.
8. The Sentinel service log on account needs read/write access to the %ESEC_HOME%\sentinel\bin\.cache folder.
9. The Sentinel service log on account needs read/write access to the %ESEC_HOME%\sentinel\bin\map_data folder.
10. The Sentinel service log on account needs read access to all files in the %ESEC_HOME%\sentinel\config folder.
11. The Sentinel service log on account needs read access to all files in the %ESEC_HOME%\sentinel\lib folder.
12. The Sentinel service log on account needs read/write access to the %ESEC_HOME%\sentinel\log folder.
13. The Sentinel service log on account needs read access to the file %ESEC_HOME%\sentinel\scripts\remove_sonic_lock.bat.
For Sentinel Control Center (SCC) client:
1. The Windows account that launches SCC needs read/write access to %ESEC_HOME%\configuration.xml and %ESEC_HOME%\.uuid. It also generates a temporary .lck file in this folder.
2. The Windows account launching SCC needs read access to %ESEC_HOME%\.keystore.
3. The Windows account launching SCC needs read access to all files in the %ESEC_HOME%\lib folder.
4. The Windows account launching SCC needs read access to all files/folders under the %ESEC_HOME%\Sun-1.4.2 folder.
5. The Windows account launching SCC needs read access to all files in the %ESEC_HOME%\sentinel\lib folder.
6. The Windows account launching SCC needs read access to all files/folders under the %ESEC_HOME%\sentinel\console folder.
7. The Windows account launching SCC needs read/write access to the %ESEC_HOME%\sentinel\console\log folder.
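The two lists above can be expressed as explicit icacls grants. The following PowerShell script is an added example, not part of the original article or the product: it prints the grant for each listed path and applies it only when run with -Apply. The account name EXAMPLE\svc-sentinel, the script parameters, and the choice to let folder grants inherit to their contents are assumptions.

```powershell
# Added example: explicit grants for the paths listed in this article.
param(
    [ValidateSet('Server', 'SCC')] [string]$Role = 'Server',
    [string]$Account  = 'EXAMPLE\svc-sentinel',  # hypothetical account name
    [string]$EsecHome = $env:ESEC_HOME,
    [switch]$Apply                                # default: print the commands only
)
if (-not $EsecHome) { throw 'ESEC_HOME is not set; pass -EsecHome explicitly.' }

# Role = list the entry comes from; Tree = 1 for folders (grant inherits to contents)
$entries = @'
Role,Right,Tree,Rel
Both,"R,W",0,configuration.xml
Both,"R,W",0,.uuid
Both,R,0,.keystore
Both,R,1,lib
Both,R,1,Sun-1.4.2
Both,R,1,sentinel\lib
Server,R,0,utilities\.primary_key
Server,R,0,utilities\.secondary_key
Server,R,1,sentinel\bin
Server,"R,W",1,sentinel\bin\.cache
Server,"R,W",1,sentinel\bin\map_data
Server,R,1,sentinel\config
Server,"R,W",1,sentinel\log
Server,R,0,sentinel\scripts\remove_sonic_lock.bat
SCC,R,1,sentinel\console
SCC,"R,W",1,sentinel\console\log
'@ | ConvertFrom-Csv

foreach ($e in $entries | Where-Object { $_.Role -in 'Both', $Role }) {
    $path = Join-Path $EsecHome $e.Rel
    if (-not (Test-Path -LiteralPath $path)) {
        Write-Warning "Skipping missing path: $path"   # e.g. the optional .secondary_key
        continue
    }
    # (OI)(CI) makes a folder grant inherit to the files and subfolders beneath it
    $flags = if ($e.Tree -eq '1') { '(OI)(CI)' } else { '' }
    $grant = "${Account}:$flags($($e.Right))"
    if ($Apply) {
        & icacls.exe $path /grant $grant
        if ($LASTEXITCODE -ne 0) { Write-Warning "icacls failed for $path" }
    } else {
        "icacls `"$path`" /grant `"$grant`""           # dry run: show what would be applied
    }
}
```

The script only adds grants; it does not remove existing or inherited entries, and it does not cover creation of the temporary .lck file in %ESEC_HOME% itself, which needs a separate folder-level decision.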