BookmarkSubscribeRSS Feed
siddhu1
Quartz | Level 8

Hi ,

 

We have an issue with SAS Studio environment , where there are some files(html, SGPanel.png, temporary excel files And .file) created in the config folder location. Which is not allowed & while investigating we came to know that no one is creating intentionally any of these files in the config location. So this is effecting on both the App Servers (SASApp1-u8 & SASApp2-en).

 

And when we try to change the security permissions – it’s impacting user access.

Config Path: D:\SAS\Config\Lev1\SASApp1-u8

                     D:\SAS\Config\Lev1\SASApp2-en

 

So we request  if anyone help us on identifying  which process is creating these files and how to prevent this. Any resolution on this.

 

Current version: 9.04.01M7

Operating System:   WX64

 

siddhu1_0-1653572871352.png

 

Thanks & Regards,

Siddhartha

 

 

7 REPLIES 7
Tom
Super User Tom
Super User

I suspect that is the folder that is the current working directory when your SAS sessions are started.

You can confirm by starting a new SAS session and running something like this to see where you are.

filename here '.';
%put %sysfunc(pathname(here));

There should be no need for normal users to have write access to that folder (or any part of the SAS system files).  That should not prevent them from running SAS.  It might well cause the code that is currently writing those file to produce an ERROR, which would mean you could find the problem code and fix it.

SASKiwi
PROC Star

Judging by the files in your screenshot these are created by different users not including a path when writing external files. As already stated by @Tom setting your D drive permissions to read-only for normal SAS users should fix the problem.

siddhu1
Quartz | Level 8
Thanks for the reply.
I have checked that the Users has read-only permissions in the D drive config folder.
Any help on, how to go further on this.

Thanks & Regards,
Siddhartha
ballardw
Super User

@siddhu1 wrote:
Thanks for the reply.
I have checked that the Users has read-only permissions in the D drive config folder.
Any help on, how to go further on this.

Thanks & Regards,
Siddhartha

If the USERS don't have write permissions perhaps the ADMIN, or someone with permissions, has run some code that did this?

SASKiwi
PROC Star

@siddhu1  - Check the properties of those files in Windows Explorer. In the Details tab you will find the owner. That will tell you which OS account created them.

Nigel_Pain
Lapis Lazuli | Level 10

I've been seeing this too, and it looked like users only had Read and Execute permissions. However, on a bit of deeper delving, I discovered that there's a special access set for users. You may see this if you go into the advanced security settings. Under this, users have Append and Create permissions. Actually, the best way I found to see this was with the Powershell get-acl cmdlet:

 

 

PS E:\SAS\config\Lev1\SASApp> Get-Acl E:\SAS\config\Lev1\SASApp |Select-Object -ExpandProperty access |ft -property IdentityReference,AccessControlType,FileSystemRights -AutoSize

IdentityReference      AccessControlType            FileSystemRights
-----------------      -----------------            ----------------
BUILTIN\Administrators             Allow                 FullControl
********\sassrv                    Allow ReadAndExecute, Synchronize
BUILTIN\Administrators             Allow                 FullControl
NT AUTHORITY\SYSTEM                Allow                 FullControl
CREATOR OWNER                      Allow                   268435456
BUILTIN\Users                      Allow ReadAndExecute, Synchronize
BUILTIN\Users                      Allow                  AppendData
BUILTIN\Users                      Allow                 CreateFiles

 

So I'm guessing that removing this Special access would resolve the problem.

Sajid01
Meteorite | Level 14

It appears this question is a corollary of your other question Unwanted file in the Config folder - SAS Support Communities. As I have suggested in that question apparently a macro is being used to create path or a component of path that may not be existing.
Suggestion by @Nigel_Pain may help in prevent the process of files being written to the folder, but underlying cause needs to be addressed.

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 7 replies
  • 1210 views
  • 0 likes
  • 6 in conversation