Content Delivery security settings: file system permissions
The following list shows the required file system settings for Content Delivery:
- Directory: %TRIDION_HOME%\bin
-
Access level:
ReadandExecuteaccess for the following users:tcdcachingtcddeployer
Reason:
Proper system functionality (instantiate tcdbroker objects, open folders)
- Directory: %TRIDION_HOME%\config
-
Access level:
Readaccess for the following users:tcdcachingtcddeployer
Reason:
XML configuration files
- Directory: all file system storage locations configured in the Storage Layer configuration
-
Access level:
Read,WriteandExecuteaccess for the following users:tcddeployer
Reason:
Target to save metadata to when using file system as storage.
- Directory: %TRIDION_HOME%\lib
-
Access level:
Readaccess for the following users:tcdcachingtcddeployer
Reason:
SDL Tridion JAR files
- Directory: %TRIDION_HOME%\log
-
Access level:
Writeaccess for the following users:tcdcachingtcddeployer
Also, in a Windows environment,
writeaccess for the user associated with the Default Application Pool.Reason:
Logging purposes
- Directory: HKLM\Software\JavaSoft\Java Runtime Environment
-
Access level:
Readaccess for the following users:tcdcachingtcddeployer
Reason:
Runtime check for Java environment
- Directory: Java Runtime and SDK Environment
-
Access level:
ReadandExecuteaccess for the following users:tcdcachingtcddeployer
- File: Java executable (/bin)
-
Access level:
ReadandExecuteaccess for the following users:tcdcachingtcddeployer
- Directory: JRE / runtime libraries
-
Access level:
Readaccess for the following users:tcdcachingtcddeployer
- Directory: Queue location
-
Access level:
Modifyaccess for the usertcddeployer. - Directory: Logging directory
-
Access level:
Modifyaccess for the usertcddeployer. - Directory: Input directory (incoming) for HTTP(S)
-
Access level:
Modifyaccess for the usertcddeployer.