Before you begin
WebSphere Application Server depends on several configuration files created during installation. These files contain password information and need protection. Although the files are protected to a limited degree during installation, this basic level of protection is probably not sufficient for your site. Verify that these files are protected in compliance with the policies of your site.
The files in the install_root/profiles/profile_name/config and install_root/profiles/profile_name/properties , except for those in the following list, need protection. For example, give permission to the user who logs onto the system for WebSphere Application Server primary administrative tasks. Other users or groups, such as WebSphere Application Server console users and console groups, who perform partial WebSphere Application Server administrative tasks, like configuring, starting servers and stopping servers, need permissions as well.
Steps for this task
It is recommended that you assign ownership of the files that contain password information to the user who runs the application server. If more than one user runs the application server, provide permission to the group in which the users are assigned in the user registry.
For example, you might issue the following command: chmod 770 file_name where file_name is the name of the file listed previously in the install_root/profiles/profile_name/properties directory. These files contain sensitive information such as passwords.
Result
After securing your environment, only the users given permission can access the files. Failure to adequately secure these files can lead to a breach of security in your WebSphere Application Server applications.What to do next
If failures occur that are caused by file accessing permissions, check the permission settings.