sedex Client’s folder structure
Folders and their permissions¶
The sedex participants (and their IT staff) are responsible for the secure and stable operation of the sedex client.
Adapted to the individual requirements, the access rights to the folders and files of the sedex client must be limited as closely as possible. I.e. only the authorized users should have the permissions they really need to perform their tasks. The table below gives an overview of the different folders and files.
Notes:
- Because the sedex Client can install software updates itself, the user with which it runs must have write access to the sedex Client’s root folder (denoted as
<sedex_home>) and all of its subfolders and contents. - As of version 6.0, the sedex Client has a significantly different file structure. The restriction of permissions must therefore be adapted to the new structure.
The following table shows the default subfolder structure of the sedex Client’s root folder and the folders' required access permissions:
- The (ae) folders must be accessible to an administrator and business applications in order to use the sedex Client.
- The (a) folders must be accessible to an administrator in order to configure and operate the sedex Client.
- The (c) folders are used exclusively by the sedex Client and should not be accessible to business applications.
| Folder | Description |
|---|---|
| apps (c) | The application libraries required by the sedex Client in order to run. |
| bin (a) | The end-user scripts for starting and stopping the sedex Client. Administrators should use these scripts to start/stop the sedex Client or to install it as a service/daemon. |
| conf (a) | The sedex Client’s configuration files: sedex-client-configuration.properties ➔ The main configuration file. certificateConfiguration.xml ➔ The configuration file for certificates, key-stores and trust-stores. sedex-wsproxy-user-configuration.properties ➔ The configuration file for users and passwords of the optional sedex Web Service Proxy. |
| interface (ae) | The messaging interface between the sedex Client and the business application. Note: These folders can be configured to exist outside of the |
| internal (c) | Internal files, which are managed by the sedex Client itself and must not be touched by a business application. |
| jre (c) | Java Runtime Environment, JRE Note: The JRE is only installed automatically on Windows systems. |
| logs (a) | Default folder for all log files. Note: These folders may be configured to exist outside the |
| message-state (c) | Stores the status of messages while they are being sent and received. Note: Manipulation of this folder can lead to the loss of messages and receipts. |
| monitoring (a) | Monitoring page with information about the sedex Client’s operational status Note: This monitoring page can also be read over the network via an HTTP port. See Monitoring for details on the monitoring page. |
| service-wrapper (c) | The files needed to install the sedex Client as Windows service or Linux daemon. |
Best practices regarding folders¶
It is recommended to define folders for the interface, logs, and monitoring files which are not subfolders of the sedex Client’s root folder. This has several advantages:
- The location of a sedex Client installation can be changed or a sedex Client can be migrated without requiring changes to the business applications.
- Different system-level privileges can be set for the folders and the sedex Client installation itself.
- It is not recommended to run the sedex client on a shared multi-user host.