Setting the umask value in RSA Identity Governance & Lifecycle
Originally Published: 2017-09-22
Article Number
Applies To
Tasks
This article provides some general information about the 'umask' command and how exactly its relevant to RSA Identity Governance and Lifecycle.
The questions below about the umask command will be addressed in the article.
- Does the umask value always need to be set to '0022' in RSA Identity Governance and Lifecycle? Or, does it need to be set to this value only for a specific set of users?
- Does the umask value only need to be changed for the installation? Can it be changed back after the installation or is there a process which requires it?
- Does the installer check .bashrc or any other configuration files?
Resolution
You can setup umask in /etc/bashrc or /etc/profile file for all users. By default in most Linux system it is set to 0022 (022) or 0002 (002).
In RSA Identity Governance & Lifecycle, you are only concerned about below three OS users : (Below mentioned are OS users, not DB users)
- root
- oracle (the RSA Identity Governance and Lifecycle application runs as oracle)
- admin
In RSA Identity Governance & Lifecycle you can see from the /etc/profile or ~/.bashrc files that all of the above mentioned users have umask set to 0022. (022)
Does the umask value always need to be set to '0022' in RSA Identity Governance and Lifecycle? Or, does it need to be set to this value only for a specific set of users?
The umask value need not be changed while installing RSA Identity Governance & Lifecycle. It is usually set to default value (0022) for OS users.
Does the umask value only need to be changed for the installation? Can it be changed back after the installation or is there a process which requires it?
The umask value can be changed if required after installation. If you want all the directories/files to be created with specific permissions then the umask value needs to be changed. However, it is not recommended to change it, specifically when it is an RSA Identity Governance & Lifecycle environment. (i.e. keep it as 0022 which is the default value)
Does the installer check .bashrc or any other configuration files?
Every time you log in to a Linux system, a .bash_profile file is executed. The .bash_profile file is nothing but a combination of environment variable scripts and the umask command as seen in the output below.
. ~/setAFXEnv.sh . ./setDeployEnv.sh umask 022
You can also see below that the installer checks and performs all of these tests.
Running test : checkTotalMemory Running test : checkOracleRPMsPreReqs Running test : checkEtcHosts Running test : checkFqdnHasDomainFormat Running test : checkSwapSpace Running test : checkMinDiskSizes Running test : checkEntitlementPrereqs passwd oracle 500 Running test : checkEntitlementMatchingId passwd oracle 500 1 Running test : checkEntitlementPrereqs group oinstall 500 Running test : checkEntitlementPrereqs group dba 501 Running test : checkASMKernelDriver /opt/appliancePatches/asmlib Running test : checkUserInGroups oracle groupArray[@] Running test : checkRunLevel expectedRunlevels[@] Running test : checkEtcSecurityLimits oracle hard nofile 65536 Running test : checkEtcSecurityLimits oracle soft nofile 1024 Running test : checkEtcSecurityLimits oracle hard nproc 16384 Running test : checkEtcSecurityLimits oracle soft nproc 2047 Running test : checkEntitlementMatchingId passwd root 0 1 Running test : checkUserNotInGroup oracle root Running test : checkUMASK 0022 Running test : checkDNSResolution Running test : checkShmMount Running test : checkBootMount Running test : checkAFXPermissions oracle /home/oracle/AFX
From the above explanation it is clear that the installer does check .bashrc and any other configuration files necessary to perform the installation.
Notes
For more details about the umask command, refer to the following link: https://askubuntu.com/questions/44542/what-is-umask-and-how-does-it-work/276958
If a new user is created in the environment, it is the customer's responsibility to decide what the umask value needs to be as they would not be one of the three RSA-supplied users for use with RSA Governance & Lifecycle.
The Aveksa Installer always checks Aveksa_System.cfg.
Related Articles
Request could not be handled error in RSA Identity Governance & Lifecycle Request Forms Number of Views Canceled Change Requests show as Canceled by System instead of the User who Canceled the Request in RSA Identity Governanc… Number of Views Authentication failing with F5 Big Iron F5 Load Balancer version 11.5 or 11.6 with no entries in the Authentication Manage… Number of Views RSA Announces the Release of RSA MFA Agent 2.4 for Microsoft Windows Number of Views Clearing bad passcodes in Security Console gives: “There was a problem processing your request. Cannot have concurrent use… Number of Views
Trending Articles
Troubleshooting RSA SecurID Access Identity Router to RSA Authentication Manager test connection failures RSA SecurID Software Token 5.0.2 Downloads for Microsoft Windows RSA Authentication Manager 8.9 Release Notes (January 2026) Quick Setup Guide - Passwordless Authentication in Windows MFA Agent for Active Directory RSA Authentication Manager 8.8 Setup and Configuration Guide
Don't see what you're looking for?
