Protected folders and accounts

SecureTransport maintains a list of directories which you should not use for home folders for user or service accounts. This type of directory is called a protected folder. Protected folders are identified by a specific prefix in the path. The following table lists the prefixes used by default.

Virtual accounts can be purged using SecureTransport, provided these accounts are not in a protected folder.

SecureTransport has the following built-in precautions to prevent accidental or malicious account deletion:

  • Paths are converted to equivalent paths without any "." or ".." directories.
  • The user home folder cannot directly, or indirectly through a symbolic link, refer to any of the protected directories.
  • If the entry for a user home folder is not a directory, it is not purged.
  • If the user home folder begins with any of the protected home folder prefixes, the account is not purged.

| Platform | Protected home folder prefixes |
|---|---|
| Oracle Solaris, AIX, Linux, Axway Appliance | /audit /bin /boot /dev /etc /kernel /lib /lpp /mnt /modules /net /opt /platform /proc /root /sbin /stand /sys /tftp /usr /var /vol |
| Windows (in Cygwin Format) | (none) |

Note: You can add to the list of protected folders by modifying the UnsafePaths server configuration option. When adding a folder name that contains spaces, use quotes around the path so the entire path is recognized, for example, "/user 1/". Do not remove any of the default protected folder prefixes. Make the change on all servers in your Standard Cluster (SC) or Enterprise Cluster (EC).
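
The four precautions listed above can be combined into a single purge-eligibility check. The following Python sketch is an added example, not SecureTransport's own code: the function names, the reason strings, and the literal string-prefix match are assumptions, and it covers only the POSIX platforms in the table.

```python
import os

# Default prefixes from the table above (Solaris, AIX, Linux, Axway Appliance).
DEFAULT_PROTECTED_PREFIXES = (
    "/audit", "/bin", "/boot", "/dev", "/etc", "/kernel", "/lib", "/lpp",
    "/mnt", "/modules", "/net", "/opt", "/platform", "/proc", "/root",
    "/sbin", "/stand", "/sys", "/tftp", "/usr", "/var", "/vol",
)

def _canonical(path):
    # normpath removes "." and ".." but keeps a leading "//" on POSIX,
    # which would slip past a prefix test, so force a single leading slash.
    return "/" + os.path.normpath(path).lstrip("/")

def _is_protected(path, prefixes):
    # Assumption: literal "begins with" match, following the page's wording.
    # This is conservative: "/variable" is also treated as protected by "/var".
    return any(path.startswith(p) for p in prefixes)

def purge_decision(home, prefixes=DEFAULT_PROTECTED_PREFIXES):
    """Return (ok_to_purge, reason) for a home folder (hypothetical helper)."""
    if not os.path.isabs(home):
        return False, "not an absolute path"
    # Precautions 1 and 4: normalise the path, then test the prefixes.
    if _is_protected(_canonical(home), prefixes):
        return False, "protected prefix"
    # Precaution 2: follow symbolic links and test the real target as well.
    resolved = _canonical(os.path.realpath(home))
    if _is_protected(resolved, prefixes):
        return False, "resolves into protected folder"
    # Precaution 3: only an existing directory is ever purged.
    if not os.path.isdir(resolved):
        return False, "not a directory"
    return True, "eligible"

if __name__ == "__main__":
    # Constructed sample paths; none of them is touched, only evaluated.
    for sample in ("/home/alice", "/home/../etc", "//var/tmp/x", "/opt/st"):
        print(sample, purge_decision(sample))
```

The check fails closed: any path that cannot be shown to be an existing directory outside the protected prefixes is reported as not eligible.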
