cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed

New SAS Option - Sets the permissions of the SASUSER library when it is initially created.

Status: Open Submitted by Lapis Lazuli | Level 10 on ‎04-21-2021 10:12 AM
1 Comment (1 New)

Hello,

 

Mirroring the WORKPERMS system option, valid for SAS UNIX/LINUX 

 

https://documentation.sas.com/doc/en/pgmsascdc/9.4_3.5/hostunx/p1bd28x2b4hcwin1b68clthsekf8.htm

 

A new system option - let's call it USERPERMS , would be very useful to harden within SAS

the security of the SASUSER directory path the first time it is created.

 

syntax :

 

USERPERMS < POSIX security profile 700, 775, 750 etc.>

 

ex. -USERPERMS 750  creates the directory with the following permssion profile

drwxr-x---. 2 userid group 4096 Apr 21 14:34 sasuser.v94

 

Valid in configuration files

 

The workarounds exist, of course, but they entail the execution of sensitive system commands like chmod

in an automated script, which is not a good practice in my experience. Permission assignments should never

be run automatically, thats a SPOF large enough to make way for uninvited accesses when the automation itself

malfunctions . Instead, use umask initial value setting like ... WORKPERMS , or soon USERPERMS ?

 

 Comments are welcome,

 

Best Regards,

 

Ronan

 

PS. Sorry if this request duplicates another , I was unable to find a previous one.

See more ideas labeled with:
1 Comment
JuanS_OCS
Amethyst | Level 16
Amethyst | Level 16
‎04-21-2021 11:13 AM
‎04-21-2021 11:13 AM

I love the idea, and not only for SASUSER, but for other directories/libraries as well. It would be very useful.