Skip to Content
Author's profile photo Former Member

SSFS configuration in linux

Hi All,

Its mandatory to have SSFS (secure store file system) if we are going to upgrade/installation of Netweaver 7.4.

I am providing you the steps to do in Linux os and database oracle 11g.

1.  create following directories

mkdir /sapmnt/SID/global/security

mkdir /sapmnt/SID/global/security/rsecssfs

mkdir /sapmnt/SID/global/security/rsecssfs/data

mkdir /sapmnt/SID/global/security/rsecssfs/key

2.  Securing the directories created. Change the permissions as mentioned below


      chmod 700 /sapmnt/SID/global/security

chmod 700 /sapmnt/SID/global/security/rsecssfs

chmod 700 /sapmnt/SID/global/security/rsecssfs/data

chmod 700 /sapmnt/SID/global/security/rsecssfs/key

3. Maintaining the SSFS profile parameters

Set the following profile parameter in DEFAULT.PFL

      rsec/ssfs_datapath = $(DIR_GLOBAL)$(DIR_SEP)security$(DIR_SEP)rsecssfs$(DIR_SEP)data
      rsec/ssfs_keypath  = $(DIR_GLOBAL)$(DIR_SEP)security$(DIR_SEP)rsecssfs$(DIR_SEP)key

4. Add following lines in environment variable .dbenv_server.csh & .dbenv.csh as SIDADM and after setting logout and login again.



       setenv RSEC_SSFS_DATAPATH /usr/sap/SID/SYS/global/security/rsecssfs/data

       setenv RSEC_SSFS_KEYPATH /usr/sap/SID/SYS/global/security/rsecssfs/key

5.Creating entries in SSFS storage

       rsecssfx put DB_CONNECT/DEFAULT_DB_USER <schema> -plain
       rsecssfx put DB_CONNECT/DEFAULT_DB_PASSWORD *******

       Please ignore ‘!’ as character, it doesnot accept it.

6.rsecssfx list

        Will list the key and data in below path respectively




7. Goto /sapmnt/SID/global/security/rsecssfs/data and check for the SSF_SID.DAT file. It should have permission 600

8. Changing to the new connection method

set the below profile parameter in DEFAULT.PFL

rsdb/ssfs_connect = 1

set the environment variable also in .dbenv_server.csh & .dbenv.csh for sidadm,

setenv rsdb_ssfs_connect 1

9. Restart the SAP system with database

   goto work directory

   view dev_w0 trace and look out for ssfs entries



Assigned Tags

      You must be Logged on to comment or reply to a post.
      Author's profile photo Ramazan EKINCI
      Ramazan EKINCI

      Hello Karthik,

      it's useful document. thank you.

      Author's profile photo Ramakrishna puppala
      Ramakrishna puppala

      Hello Karthik,

      Nice blog. Hope the above steps will helpfull for me today.  As i have to perform the SSFS steps today. If issue comes i will update the error log here.


      Thank you.