For UNIX Systems:
Log on using the Oracle software owner account and enter the command:
If the value returned is 022 or more restrictive, this is not a finding.
If the value returned is less restrictive than 022, this is a finding.
The first number sets the mask for user/owner file permissions. The second number sets the mask for group file permissions. The third number sets the file permission mask for other users. The list below shows the available settings and the permissions each mask digit allows:
0 = read/write/execute
1 = read/write
2 = read/execute
3 = read
4 = write/execute
5 = write
6 = execute
7 = no permissions
Setting the umask to 022 effectively sets files for user/owner to read/write, group to read and other to read. Directories are set for user/owner to read/write/execute, group to read/execute and other to read/execute.
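The following added example (not part of the original check text) evaluates a umask value against the 022 baseline bit by bit rather than numerically, and shows the modes that new files and directories receive. It assumes "more restrictive" means the value masks at least the group-write and other-write bits; the function names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names are hypothetical, sample values are constructed.
# Assumption: "022 or more restrictive" means the value masks at least the
# group-write and other-write bits, so the comparison is bitwise, not numeric.

# umask_meets_022 VALUE
# Returns 0 = not a finding, 1 = finding, 2 = VALUE is not an octal number.
umask_meets_022() {
    v=$1
    case $v in
        ''|*[!0-7]*) return 2 ;;
    esac
    mask=$(( 0$v & 0777 ))      # leading 0 forces octal; drop any 4th digit
    [ $(( mask & 022 )) -eq $(( 022 )) ]
}

# Mode a new regular file gets under VALUE (creation base 666).
new_file_mode() { printf '%03o\n' $(( 0666 & ~(0$1) )); }

# Mode a new directory gets under VALUE (creation base 777).
new_dir_mode() { printf '%03o\n' $(( 0777 & ~(0$1) )); }

# Constructed samples. 055 is numerically larger than 022 yet leaves
# group and other write unmasked; 007 leaves group write unmasked.
for sample in 022 0027 077 002 007 055; do
    if umask_meets_022 "$sample"; then
        verdict="not a finding"
    else
        verdict="finding"
    fi
    printf '%-5s %-14s files=%s dirs=%s\n' "$sample" "$verdict" \
        "$(new_file_mode "$sample")" "$(new_dir_mode "$sample")"
done
```

To evaluate the account you are logged on as, pass `"$(umask)"` as the value.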
For Windows Systems:
Review the permissions that control access to the Oracle installation software directories (e.g. \Program Files\Oracle\).
The following require access: DBA accounts, the DBMS process account, the DBMS software installation/maintenance account, SA accounts (if access by them is required for some operational level of support such as backups), and the host system itself.
Compare the access control employed with that documented in the System Security Plan.
If access controls do not match the documented requirement, this is a finding.
If access controls appear excessive without justification, this is a finding.