Guidelines for Operating System Security
Follow these guidelines regarding operating system security:
-  
                     There should be a single user identity that runs the KVStore software. 
-  
                     The data store user should be in its own group, independent of other users. 
-  
                     JE log files, audit log files, and password stores should have mode 0600 on Linux/UNIX platforms with equivalent settings for Windows systems. The simplest way to achieve this on Linux/UNIX is to set an umask of 0077. 
-  
                     Security configuration files must be write-protected. 
-  
                     The $KVROOT directory and the security directory must be protected from modification by other users. On UNIX/Linux this should include having the sticky bit (01000) set in order to prevent renaming and deletion of files/directories. 
-  
                     Access to the systems that are running the data store should be limited in order to avoid the risk of tampering. Note: Access protections do not guard against users who have sufficiently elevated access rights (for example, the UNIX root user).