
Indexing in a non-standard partition on RHEL


Article ID: 162605


Products

Data Loss Prevention Enforce

Issue/Introduction

The customer has chosen to use a non-standard partition for DLP. Symbolic links are in place so that DLP works correctly, but indexing (EDM/IDM) does not work. The following errors are logged:

SEVERE [com.vontu.manager.struts.ProtectActionProcessor] access denied ("java.io.FilePermission" "<path>/datafiles/upload_temp" "write")
Cause:
java.security.AccessControlException: access denied ("java.io.FilePermission" "<path>/datafiles/upload_temp" "write")

 

SEVERE [com.vontu.profiles.manager.database.DataSourceIndexCreator] Unexpected exception while creating EVENT_PARAMETER_I18NKEY##profiles.message.Exact_Data_Profile_Version##<EDM Name>##<version>
Cause:
java.security.AccessControlException: access denied ("java.io.FilePermission" "<path>/index/DataSource.x.x.idx" "delete")

 

SEVERE [com.vontu.profiles.manager.database.DataSourceIndexCreator] Unexpected error occurred while creating EVENT_PARAMETER_I18NKEY##profiles.message.Exact_Data_Profile_Version##5##1. access denied ("java.io.FilePermission" "<path>/index/DataSource.x.x.idx" "delete")

Cause

Even though symbolic links have been created and DLP is functioning fine, the underlying Java architecture cannot follow symbolic links for file/directory operations (such as write or delete). This can be proven by creating the expected folder structure, putting the source files in place, and attempting an index again (it will succeed). The fix is therefore two-fold: first we need to tell DLP where to look for index data, then we need to tell Java it has the needed permissions.

Resolution

In order to index in a non-standard partition/directory setup we need to modify the manager.policy file as well as the Protect.properties file.
 

manager.policy
We will need to give Java permission to operate in the new folder.  To do this, find the two entries for:
permission java.io.FilePermission "/var/SymantecDLP${/}-", "read,write,delete";

 

Copy this line and paste it immediately below the original. In the copy, replace "/var/SymantecDLP" with the path of the new partition. Do this for both entries. Example:
permission java.io.FilePermission "/var/SymantecDLP${/}-", "read,write,delete";
permission java.io.FilePermission "/data/SymantecRULES${/}-", "read,write,delete";

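Make sure to keep the ${/}- at the end of the path. In a Java policy file, ${/} expands to the platform file separator and the trailing - applies the permission recursively to everything under the directory.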

Save and close the file.


Protect.properties
Modify the following entry:

# location of the EDM and IDM RAM index files (.rdx)
com.vontu.index.dir = /var/SymantecDLP/index

 

Change it to:
com.vontu.index.dir = /path/to/new/partition

Best practice is to keep a backup of the original value. The easiest way is to copy and paste the line, comment out the original, and modify the copy. Example:
#com.vontu.index.dir = /var/SymantecDLP/index
com.vontu.index.dir = /data/SymantecRULES/index


Save and close the file.

Restart VontuManager and VontuMonitorController services.
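
One way to confirm that the two edits agree is to parse both files and check that the active com.vontu.index.dir falls under a recursive FilePermission grant with read, write and delete. The script below is an added example, not part of the original article or of Symantec DLP; the sample file contents are constructed from the lines shown above, and the grant-block layout and the function names are assumptions.

```python
import re

# Constructed samples modelled on this article's lines; the grant-block
# layout around the permission lines is an assumption.
SAMPLE_POLICY = r'''
grant {
    permission java.io.FilePermission "/var/SymantecDLP${/}-", "read,write,delete";
    permission java.io.FilePermission "/data/SymantecRULES${/}-", "read,write,delete";
};
grant {
    permission java.io.FilePermission "/var/SymantecDLP${/}-", "read,write,delete";
    permission java.io.FilePermission "/data/SymantecRULES${/}-", "read,write,delete";
};
'''
SAMPLE_PROPERTIES = '''
#com.vontu.index.dir = /var/SymantecDLP/index
com.vontu.index.dir = /data/SymantecRULES/index
'''

# Anchored at line start so entries commented out with // are ignored.
PERM_RE = re.compile(
    r'^[ \t]*permission\s+java\.io\.FilePermission\s+"([^"]+)"\s*,\s*"([^"]+)"\s*;',
    re.MULTILINE)

def index_dir(properties_text):
    """Active (uncommented) com.vontu.index.dir value; the last definition wins."""
    value = None
    for line in properties_text.splitlines():
        key, sep, val = line.strip().partition("=")
        if sep and key.strip() == "com.vontu.index.dir":
            value = val.strip()
    return value

def check(policy_text, properties_text, default_root="/var/SymantecDLP"):
    """Compare Protect.properties with the recursive grants in manager.policy."""
    idx = index_dir(properties_text)
    grants = [(t[:-len("${/}-")].rstrip("/"), {a.strip() for a in acts.split(",")})
              for t, acts in PERM_RE.findall(policy_text) if t.endswith("${/}-")]
    covering = [a for d, a in grants if idx and idx.startswith(d + "/")]
    return {
        "index_dir": idx,
        "missing_actions": sorted({"read", "write", "delete"} - set().union(*covering)),
        # the article copies the line for both default entries, so these should match
        "default_entries": sum(d == default_root for d, _ in grants),
        "covering_entries": len(covering),
    }

if __name__ == "__main__":
    print(check(SAMPLE_POLICY, SAMPLE_PROPERTIES))
```

An empty missing_actions list and equal default_entries and covering_entries counts indicate that both policy entries were copied and that the index directory sits under the granted path.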