Skip to Content
Author's profile photo Former Member

SSFS configuration in linux

Hi All,

Its mandatory to have SSFS (secure store file system) if we are going to upgrade/installation of Netweaver 7.4.

I am providing you the steps to do in Linux os and database oracle 11g.

1.  create following directories

mkdir /sapmnt/SID/global/security

mkdir /sapmnt/SID/global/security/rsecssfs

mkdir /sapmnt/SID/global/security/rsecssfs/data

mkdir /sapmnt/SID/global/security/rsecssfs/key

2.  Securing the directories created. Change the permissions as mentioned below


      chmod 700 /sapmnt/SID/global/security

chmod 700 /sapmnt/SID/global/security/rsecssfs

chmod 700 /sapmnt/SID/global/security/rsecssfs/data

chmod 700 /sapmnt/SID/global/security/rsecssfs/key

3. Maintaining the SSFS profile parameters

Set the following profile parameter in DEFAULT.PFL

      rsec/ssfs_datapath = $(DIR_GLOBAL)$(DIR_SEP)security$(DIR_SEP)rsecssfs$(DIR_SEP)data
      rsec/ssfs_keypath  = $(DIR_GLOBAL)$(DIR_SEP)security$(DIR_SEP)rsecssfs$(DIR_SEP)key

4. Add following lines in environment variable .dbenv_server.csh & .dbenv.csh as SIDADM and after setting logout and login again.



       setenv RSEC_SSFS_DATAPATH /usr/sap/SID/SYS/global/security/rsecssfs/data

       setenv RSEC_SSFS_KEYPATH /usr/sap/SID/SYS/global/security/rsecssfs/key

5.Creating entries in SSFS storage

       rsecssfx put DB_CONNECT/DEFAULT_DB_USER <schema> -plain
       rsecssfx put DB_CONNECT/DEFAULT_DB_PASSWORD *******

       Please ignore ‘!’ as character, it doesnot accept it.

6.rsecssfx list

        Will list the key and data in below path respectively




7. Goto /sapmnt/SID/global/security/rsecssfs/data and check for the SSF_SID.DAT file. It should have permission 600

8. Changing to the new connection method

set the below profile parameter in DEFAULT.PFL

rsdb/ssfs_connect = 1

set the environment variable also in .dbenv_server.csh & .dbenv.csh for sidadm,

setenv rsdb_ssfs_connect 1

9. Restart the SAP system with database

   goto work directory

   view dev_w0 trace and look out for ssfs entries



Assigned Tags

      1 Comment
      You must be Logged on to comment or reply to a post.
      Author's profile photo Ramazan EKINCI
      Ramazan EKINCI

      Hello Karthik,

      it's useful document. thank you.