4.3.3.3 File System Access to OS Users

Access rights to the Oracle Home, the WebLogic Server product directory, and the WebLogic domain directories should be granted only to the WebLogic owner user. Privileged OS users have access to the WebLogic Server installation by default in any case.

Users in the Others permission category can be restricted from reading the aforementioned directories.

Ensure that the following files in the WebLogic installation are available only to the WebLogic owner:
  • The security LDAP database, which is usually located in the WL_HOME\user_projects\domains\DOMAIN_NAME\servers\SERVER_NAME\data\ldap\ldapfiles directory.
  • The keystore used in the keystore configuration of the server(s).
  • The Root Certificate Authority keystore.

Oracle WebLogic Server provides persistent stores for several subsystems, some of which are also used by applications. Ensure that access to file-based persistent stores is restricted to the WebLogic owner OS user. The default persistent file store is located in the $DOMAIN_HOME\<domain>\servers\<servername>\data\store\default directory. If custom (user-defined) persistent stores have been created, apply the same restrictions to the files and directories used by those stores.
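The checks in this section (LDAP files, keystores, and default or custom file stores) can be made repeatable with a small audit. The following script is an added example, not part of the Oracle documentation: it reports every path under a directory that is not owned by the WebLogic owner or that grants any permission to group or others, and can strip those bits. The sample layout and file names it builds are constructed placeholders, and the owner account name is whatever you pass in.

```shell
#!/bin/sh
# Audit and harden WebLogic file-system permissions so that only the WebLogic
# owner OS user can read the LDAP files, keystores and file stores, e.g.
#   audit_owner_only "$DOMAIN_HOME/servers/AdminServer/data/ldap/ldapfiles" weblogic
# ("weblogic" as the owner account name is an assumption; use your own).

# Print every path under $1 that is not owned by $2, or that has any
# group/other permission bit set. Returns 0 when clean, 1 otherwise.
# Octal -perm tests are used because POSIX find guarantees them:
# 040/020/010 = group r/w/x, 004/002/001 = others r/w/x.
audit_owner_only() {
    dir=$1; owner=$2
    [ -e "$dir" ] || { echo "missing: $dir" >&2; return 0; }
    offenders=$(find "$dir" \( ! -user "$owner" \
        -o -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print)
    [ -z "$offenders" ] && return 0
    printf '%s\n' "$offenders"
    return 1
}

# Strip every group/other bit below $1; the owner's own bits are untouched.
harden_owner_only() {
    chmod -R go-rwx "$1"
}

# Number of offending paths (0 when clean); handy for scripting and tests.
count_offenders() {
    audit_owner_only "$1" "$2" 2>/dev/null | grep -c . || true
}

# Build a constructed, throw-away domain layout with deliberately loose
# permissions so the audit has something to report. Sample data only;
# the keystore location under security/ is an assumption.
make_sample_domain() {
    base=$(mktemp -d)
    ldap="$base/servers/AdminServer/data/ldap/ldapfiles"
    store="$base/servers/AdminServer/data/store/default"
    mkdir -p "$ldap" "$store" "$base/security"
    echo "ldap data"  > "$ldap/sample.data"
    echo "file store" > "$store/sample.DAT"
    echo "keystore"   > "$base/security/sample-identity.jks"
    chmod -R go-rwx "$base"                         # start clean...
    chmod 644 "$base/security/sample-identity.jks"  # ...then leak a keystore
    chmod 640 "$store/sample.DAT"                   # and a group-readable store
    echo "$base"
}
```

Run `audit_owner_only` against each directory listed in this section before and after `harden_owner_only`; the audit also flags group bits, so relax it deliberately if a group has been granted access on purpose.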