IBM Support

The /tmp/javasharedresources Java cache directory has 777 permissions

Troubleshooting


Problem

On Central Server 2, 3 and 4 for IBM SmartCloud Orchestrator, the /tmp/javasharedresources directory has 777 permissions, which is a potential security exposure.

Diagnosing The Problem

When you run the ls -al /tmp/javasharedresources command, you see the following directory permissions:
drwxrwxrwx   2 root root    

Resolving The Problem

Central Server 3

On Central Server 3, the Java™ cache is updated with 777 permissions each time the IBM Workload Deployer service is started. Use the sticky bit to change the permissions on the Java cache directory to a more secure 1777. To make this change, complete the following steps:

  1. Open the /etc/init.d/iwd file and locate the following line:
    172 "touch /var/lock/subsys/$prog"

  2. Add the following line after the line that was mentioned in the previous step:
    chmod 1777 /tmp/javasharedresources

Central Server 2 and 4

On Central Servers 2 and 4, Java runs under WebSphere Application Server. You can resolve the issue with the Java cache directory permissions by adding the following generic Java virtual machine argument to the servers:
-Xshareclasses:none

After you configure the argument and restart WebSphere Application Server, the /tmp/javasharedresources directory is not used. You can delete the directory on these two systems. The directory should not be automatically recreated after it has been deleted.

The generic JVM arguments are used to configure and adjust how the JVM functions. After the changes are made and applied, the server.xml file, which is the master configuration file, is updated. When the JVM is restarted, the new argument takes effect.

Use the following steps to set the generic JVM arguments in the Administration Console for WebSphere Application Server on Central Server 2 and Central Server 4:

  • Application Server
    1. Expand Servers > Server Type and click WebSphere application servers.
    2. Click the name of your server.
    3. Expand Java and Process Management and select Process Definition.
    4. Under Additional Properties, click Java Virtual Machine.
    5. Scroll down and locate the text box for Generic JVM arguments.
  • Node agent
    1. Select System Administration > Node Agents.
    2. Choose which node agent to edit.
    3. Under Server Infrastructure, expand Java and Process Management and select Process Definition.
    4. Under Additional Properties, click Java Virtual Machine.
    5. Scroll down and locate the text box for Generic JVM arguments.
  • Deployment Manager
    1. Select System Administration > Deployment manager.
    2. Under Server Infrastructure, expand Java and Process Management and select Process Definition.
    3. Under Additional Properties, click Java Virtual Machine.
    4. Scroll down and locate the text box for Generic JVM arguments.
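
To verify the result on each server, the following added example (not part of the original IBM document or product code) classifies the cache directory from the mode string that ls -ld prints. On Central Server 3 the expected result after the chmod is "sticky"; on Central Servers 2 and 4 it is "absent" once the directory has been deleted. The function name check_cache_dir and the result labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not IBM code: report the state of the Java shared class
# cache directory. Function name and result labels are hypothetical.
#   absent     - directory does not exist (expected on Central Server 2 and 4)
#   sticky     - world-writable with the sticky bit, 1777 style (Central Server 3)
#   exposed    - world-writable without the sticky bit, 777 style
#   restricted - not world-writable
#   unexpected - path is a symbolic link or not a directory

check_cache_dir() {
    dir=$1
    # A symbolic link or a regular file at this path in /tmp is not the
    # directory the JVM is expected to create, so report it separately.
    if [ -L "$dir" ] || { [ -e "$dir" ] && [ ! -d "$dir" ]; }; then
        echo "unexpected"
        return 0
    fi
    if [ ! -d "$dir" ]; then
        echo "absent"
        return 0
    fi
    # First field of ls -ld, for example drwxrwxrwx or drwxrwxrwt.
    mode=$(ls -ld -- "$dir" | awk '{print $1}')
    other_w=$(printf '%s' "$mode" | cut -c9)    # write bit for "other"
    other_x=$(printf '%s' "$mode" | cut -c10)   # x, t, T or -
    if [ "$other_w" != "w" ]; then
        echo "restricted"
    elif [ "$other_x" = "t" ] || [ "$other_x" = "T" ]; then
        echo "sticky"
    else
        # Without the sticky bit, any local user can delete or rename
        # entries that other users created in this directory.
        echo "exposed"
    fi
}

# Check the path named on this page unless another path is given.
check_cache_dir "${1:-/tmp/javasharedresources}"
```
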


Document Information

Modified date:
17 June 2018

UID

swg21671740