The service configuration files such as the JNDI configuration file,jndi-config.xml, and the Web service deployment descriptor, server-config.wsdd, located in the $GLOBUS_LOCATION/etc/globus_wsrf_replicator directory, contain sensitive information such as database username and password. It is important to ensure that these files are readable only by the system administrator that is responsible for the container. During deployment, the permissions on these files are adjusted automatically, however, you should verify the permissions to ensure that they have been correctly set for your specific platform.

Creating a Replicator requires that the user supply a delegated credential to the DRS during the initial creation request. The service retrieves the delegated credential from the Delegation Service and stores it on the file system. As part of the DRS configuration (see installation and configuration instructions), the user selects a directory to use for storage of delegated credentials. The default setting is for the DRS to store the file in the system's designated temporary directory (e.g., /tmp on many platforms). The service sets the permissions on the temporary file such that it can only be accessed by the user account used to run the container.