Content Delivery security settings: file system permissions

The following list shows the required file system settings for Content Delivery:

Directory: %TRIDION_HOME%\bin

Access level:

Read and Execute access for the following users:

  • tcdcaching
  • tcddeployer

Reason:

Proper system functionality (instantiate tcdbroker objects, open folders)

Directory: %TRIDION_HOME%\config

Access level:

Read access for the following users:

  • tcdcaching
  • tcddeployer

Reason:

XML configuration files

Directory: all file system storage locations configured in the Storage Layer configuration

Access level:

Read, Write and Execute access for the following users:

  • tcddeployer

Reason:

Target to save metadata to when using file system as storage.

Directory: %TRIDION_HOME%\lib

Access level:

Read access for the following users:

  • tcdcaching
  • tcddeployer

Reason:

SDL Tridion JAR files

Directory: %TRIDION_HOME%\log

Access level:

Write access for the following users:

  • tcdcaching
  • tcddeployer

Also, in a Windows environment, write access for the user associated with the Default Application Pool.

Reason:

Logging purposes

Registry key: HKLM\Software\JavaSoft\Java Runtime Environment

Access level:

Read access for the following users:

  • tcdcaching
  • tcddeployer

Reason:

Runtime check for Java environment

Directory: Java Runtime and SDK Environment

Access level:

Read and Execute access for the following users:

  • tcdcaching
  • tcddeployer

File: Java executable (/bin)

Access level:

Read and Execute access for the following users:

  • tcdcaching
  • tcddeployer

Directory: JRE / runtime libraries

Access level:

Read access for the following users:

  • tcdcaching
  • tcddeployer

Directory: Queue location

Access level:

Modify access for the user tcddeployer.

Directory: Logging directory

Access level:

Modify access for the user tcddeployer.

Directory: Input directory (incoming) for HTTP(S)

Access level:

Modify access for the user tcddeployer.
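
The following PowerShell audit is an added example, not part of the product documentation or SDL's own code. It checks the four %TRIDION_HOME% directories listed above (bin, config, lib, log) for rights that tcdcaching and tcddeployer are missing, and flags write access on directories where only read access is listed. It assumes TRIDION_HOME is set and that the accounts are granted access by name; the function names are hypothetical, and group-based grants, the Default Application Pool identity, and the site-specific storage, queue and incoming locations are not covered.

```powershell
using namespace System.Security.AccessControl
# Added example (not SDL code). Required rights per directory, as listed above.
$required = @(
    @{ Dir = 'bin';    Rights = [FileSystemRights]::ReadAndExecute }
    @{ Dir = 'config'; Rights = [FileSystemRights]::Read }
    @{ Dir = 'lib';    Rights = [FileSystemRights]::Read }
    @{ Dir = 'log';    Rights = [FileSystemRights]::Write }
)
$accounts = 'tcdcaching', 'tcddeployer'

# Hypothetical helper: OR together the Allow entries that name the account.
function Get-GrantedRights {
    param([string]$Path, [string]$Account)
    $granted = 0
    foreach ($ace in (Get-Acl -LiteralPath $Path).Access) {
        $name = ($ace.IdentityReference.Value -split '\\')[-1]
        if ($name -ne $Account) { continue }
        if ($ace.AccessControlType -ne [AccessControlType]::Allow) { continue }
        # Inherit-only entries apply to children, not to the directory itself.
        if ($ace.PropagationFlags.HasFlag([PropagationFlags]::InheritOnly)) { continue }
        $granted = $granted -bor [int]$ace.FileSystemRights
    }
    return $granted
}

# Hypothetical helper: one result row per directory and account.
function Test-ContentDeliveryAcl {
    param([string]$TridionHome = $env:TRIDION_HOME)
    $writeBit = [int][FileSystemRights]::WriteData
    foreach ($entry in $required) {
        $path = Join-Path $TridionHome $entry.Dir
        foreach ($account in $accounts) {
            $need    = [int]$entry.Rights
            $have    = Get-GrantedRights -Path $path -Account $account
            $missing = $need -band (-bnot $have)
            [pscustomobject]@{
                Path       = $path
                Account    = $account
                Required   = $entry.Rights
                Missing    = if ($missing) { [FileSystemRights]$missing } else { 'none' }
                # Write access where only read access is listed exceeds the requirement.
                ExtraWrite = (($have -band $writeBit) -ne 0) -and (($need -band $writeBit) -eq 0)
            }
        }
    }
}

Test-ContentDeliveryAcl | Format-Table -AutoSize
```

A row with Missing other than "none" means the account lacks a listed right through a direct entry; a row with ExtraWrite set to True marks a directory where the account can write although only read access is required.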