Safeguard Reference Manual (G06.24+, H06.03+ )
Safeguard Subsystem Commands
Safeguard Reference Manual—520618-013
16-2
STOP SAFEGUARD Command
STOP SAFEGUARD Command
STOP SAFEGUARD stops each Security Monitor (SMON) process and the Safeguard
Security Manager Process (SMP) pair. The command also stops an event-exit process
if one is running. After these processes are stopped, disk files that have Safeguard
protection can be accessed only by the primary owner, the owner’s group manager,
and the super ID. Attempts to access other system objects are subject only to access
controls provided by the standard Guardian security system.
Only members of the SECURITY-ADMINISTRATOR security group can use the STOP
SAFEGUARD command. If that group has not been defined, only the local super ID
can use the STOP SAFEGUARD command.
To restart the Safeguard software, you must start the SMP as described the Safeguard
Administrator’s Manual.
disables Safeguard authorization checks and access auditing for all local protected
objects and stops all SMON and SMP processes in the local system.
Considerations
•
Disk file security following a STOP SAFEGUARD command
After the execution of the STOP SAFEGUARD command, each disk file that was
under Safeguard control becomes accessible only to the primary owner, the
owner’s group manager, and the super ID. If it is necessary to reestablish Guardian
security for these files, the super ID can do so by using FUP SECURE.
•
Volume and subvolume security following a STOP SAFEGUARD command
After the execution of the STOP SAFEGUARD command, any user can create a
disk file on any subvolume in the system.
•
Device security following a STOP SAFEGUARD command
Following the execution of the STOP SAFEGUARD command, any user can
access any device attached to the system.
•
Named-process security following a STOP SAFEGUARD command
Following the execution of the STOP SAFEGUARD command:
°
Any user can create a process with any legal process name.
°
Any user can access any named process.
Note. If the Safeguard software has been included as part of the operating system during
system generation, the STOP SAFEGUARD command is accepted but ignored. In this case,
the Safeguard software cannot be disabled while the system is operational.
STOP [ SAFEGUARD ]