Manualshelf

HP-UX SNAplus2 R7 Administration Guide

ManualsBrandsHP ManualsSoftwareHP-UX SNAplus2 Software
141142143144145146147148149150
Managing SNAplus2 from NetView
Using UCF
For each outstanding command (the one currently executing and any queued commands), the following message is
displayed:
= = = UNIX COMMAND CANCELLED = = =
This message indicates that the HP-UX shell in which the command was running has been stopped. Further HP-UX
commands can be issued as necessary.
If a command starts a daemon process on the HP-UX computer, this process may not be stopped by
ux-cancel.
You may need to use the HP-UX kill command (either on a terminal or by using UCF) to stop such a process
explicitly.
If no UCF command is running when ux-cancel is used, UCF displays the following message:
NO OUTSTANDING COMMANDS
In this case, the ux-cancel command is ignored. No action is necessary. This message can be displayed
when the ux-cancel command is issued after the previous command nishes but before the UNIX COMMAND
COMPLETED message is received.
10.3.6 UCF Security
Because the UCF enables a remote operator to issue commands on the HP-UX computer and to receive output from
these commands, it is important to consider the security implications. For example, you need to ensure that the
operator cannot access private information or issue HP-UX commands that can disrupt other users.
The SNAplus2 conguration includes a specic HP-UX system user name as the UCF user; this must be a valid
login ID on the SNAplus2 computer. All UCF commands run with this users ID, and therefore with the access
permissions of this user.
It is intended that you use the normal security features provided by HP-UX to restrict the commands the UCF user
can access, in order to permit only those commands you consider reasonable for use from UCF. The following
guidelines may be useful:
The UCF user name should be one that is used solely for UCF; you should not use an existing login that is also
used for other purposes. This makes it easier to dene the privileges of this user to include only those that are
reasonable for UCF; it also enables you to identify processes that were started using UCF.
You may need to restrict the users and groups for which the UCF user can change a user ID or group ID. In
particular, the UCF user must not be permitted to do the following:
Become root or superuser.
Use the group ID sna, which enables access to the snapadmin program. (The functions of this program
should be accessed using SPCF, as described earlier in this chapter, instead of UCF.)
142