Overview

Granting full access to files is not secure: an attacker may gain access to highly sensitive information, e.g. from application log files.

It is recommended to set file permissions according to the principle of least privilege.

Since there is no functional necessity for files containing highly sensitive information to be world-readable, their permissions should be limited.

This article describes how to set permissions that satisfy high-security requirements.

Limiting permissions for FIXEdge installation

It is assumed that FIXEdge was installed according to "FIXEdge installation on Linux. Step by step instruction".

This guide uses /home/user/B2BITS/FIXEdge as the FIXEdge installation directory.

  1. Remove all access for group and other users, and remove write permission from the installation:

    cd /home/user/B2BITS
    chmod -R u-w FIXEdge/
    chmod -R go-rwx FIXEdge/

     Make sure that the execute permission on executables is not affected.
  2. Enable write permissions for the FIXEdge and fixicc-agent log directories:

    chmod -R u+w FIXEdge/FIXEdge1/log/
    chmod -R u+w FIXEdge/fixicc-agent/logs/
    chmod -R u+w FIXEdge/fixicc-agent/tmp/

The minimal access rights configuration requires write access only for the FIXEdge logs, the fixicc-agent logs and the fixicc-agent metadata (FIXEdge/fixicc-agent/tmp/).

Allow configuration changes

When changes to the configuration are required, e.g. to add a new session, the following commands enable them:

    chmod -R u+w FIXEdge/FIXEdge1/conf
    chmod -R u+w FIXEdge/fixicc-agent/conf

Keeping the configuration read-only protects the system from regressions.

Check permissions

Make sure that permissions are set only for the current user.

    ls -l FIXEdge/
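
`ls -l FIXEdge/` lists only the top level, so the following added example (not part of the original guide) walks the whole tree and reports every entry that deviates from the scheme above. The function name, report format and the `audit.sh` file name are illustrative, and GNU find is assumed.

```shell
#!/bin/sh
# Added example: audit a FIXEdge tree against the permission scheme in this guide.
# Assumes GNU find (-perm /MODE). Function name and report format are illustrative.

audit_fixedge_perms() {
    root=${1%/}
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    # 1. No entry may carry any group/other bit (result of "chmod -R go-rwx").
    #    Symlinks are skipped: chmod -R does not change them and Linux ignores
    #    a symlink's own mode bits.
    exposed=$(find "$root" ! -type l -perm /077 -print)

    # 2. The owner write bit is expected only inside the three directories the
    #    guide re-opens with "chmod -R u+w"; everything else must be read-only.
    writable=$(find "$root" \
        \( -path "$root/FIXEdge1/log" \
           -o -path "$root/fixicc-agent/logs" \
           -o -path "$root/fixicc-agent/tmp" \) -prune \
        -o ! -type l -perm -200 -print)

    status=0
    if [ -n "$exposed" ]; then
        echo "group/other access present:"
        echo "$exposed" | sed 's/^/  /'
        status=1
    fi
    if [ -n "$writable" ]; then
        echo "owner-writable outside log/tmp directories:"
        echo "$writable" | sed 's/^/  /'
        status=1
    fi
    return "$status"
}

# Stand-alone use (audit.sh is a placeholder name): sh audit.sh /home/user/B2BITS/FIXEdge
[ "$#" -eq 0 ] || audit_fixedge_perms "$1"
```

While the configuration directories are unlocked for a change, the function reports them as owner-writable.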

Other notes