Safeguard Reference Manual (G06.24+, H06.03+ )

ManualsBrandsHP ManualsServerHP Integrity NonStop H-Series

371

372

373

374

375

376

377

378

379

380

Process and Subprocess Security Commands

Safeguard Reference Manual—520618-013

11-3

Stopping a Process With a Protected Name

The Safeguard software distinguishes between local and remote open requests. A

remote open request is one made by a process that was created by a network user

logged on to a remote system.

If a process is remote with respect to the process or subprocess that it is attempting to

open, the opener’s PAID must identify a network user who has been granted remote

access to the process or subprocess. Otherwise, the open request is rejected with a

security violation (file error 48).

For example, suppose a remote process with a PAID of 4,5 attempts to open a process

running under a protected name. The ACL defined for the process running under a

protected name must grant READ or WRITE authority to \*.4,5, \*.4,*, or \*.*,*.

Otherwise, the Safeguard software rejects the open request with a security violation

(file error 48).

An open request that has passed a Safeguard authorization check can nevertheless

fail. For example, if a process attempts to open a process that is already opened by

another process that has exclusive access, the open attempt fails with file error 12 (file

in use). For more information, see the Guardian Procedure Calls Reference Manual.

Stopping a Process With a Protected Name

If a user attempts to stop a process that is running under a protected name, the

Safeguard software checks the ACL for the process name to determine whether the

user has PURGE authority. If the user has PURGE authority, the Safeguard software

allows the process to be stopped. If the user does not have PURGE authority, the stop

request is rejected with a security violation error (file error 48). However, the user who

created the process is allowed to stop the process even if an ACL is present that

prevents the user from doing the same.

If you create the special NAMED and UNNAMED process protection records, certain

users can be given PURGE authority for all named or unnamed processes. A user is

allowed to stop any process it started as long as the process is still running under that

ID. For more information, see Special NAMED and UNNAMED Process Protection

Records on page 11-4.

Process and Subprocess Ownership

A process or subprocess has no authorization record until it is placed under Safeguard

control. By default, any user can add a process or subprocess authorization record.

For more information on how to restrict who can add process and subprocess

authorization records, see PROCESS on page 12-2 or SUBPROCESS on page 12-2.

Every authorization record has an OWNER attribute that contains the user ID that can

manage the Safeguard access controls for the process or subprocess.

However, the user who adds the record can set the OWNER attribute to the user ID of

any user (by including an OWNER specification in a SET PROCESS or

SUBPROCESS or ADD PROCESS or SUBPROCESS command). Thus the owner of a

process or subprocess need not be the user who added the record. The owner of a

protected process or subprocess authorization record can also transfer ownership to