Safeguard User's Guide (G06.24+, H06.03+)

Introduction to the Safeguard Subsystem
Safeguard User’s Guide 422089-009
additional control over the authentication process, even though it provides the first
line of defense against intrusion into your files and the entire system.

Authorization—Checking access control lists to determine whether another user
has authority to access your disk files, subvolumes, and processes. You can
designate the specific access authorities that another user may have to your
objects.

Auditing—Recording attempts to access your disk files, subvolumes, and
processes. The Safeguard subsystem can record attempts to access your objects
or to change the protection records associated with them.

User Authentication
The Safeguard subsystem, like Guardian security, authenticates users by ensuring that
only persons who enter a valid user name and associated password can access the
system.

When the Safeguard software is installed, it takes over the existing USERID files,
which contain user records for each user on the system. The Safeguard software
expands user records by adding unique security attributes to them. The security
administrator controls user authentication by modifying these attributes. For example,
the security administrator can use the PASSWORD-MUST-CHANGE attribute to
require that users change their passwords every 30 days. Similarly, the security
administrator can temporarily suspend a user ID so the user with that ID cannot access
the system.

As a general user, you need to be aware of how the security administrator has defined
your user authentication record. This is particularly important if you are required to
change your password at regular intervals or if your disk files have been assigned
some default security protection. Section 6, Obtaining User and Alias Information,
describes how you can check your user authentication record.

Object Authorization
Disk files, subvolumes, and processes are objects. To specify Safeguard protection for
an object, you add a protection record for that object to the Safeguard database. When
you add an object to the Safeguard database, that object is no longer subject to
Guardian security settings. The Safeguard software creates an authorization record
that contains the security attributes pertaining to that object. You (or whoever owns the
authorization record) can modify these attributes with SAFECOM commands.
SAFECOM is the Safeguard command interpreter.

You protect an object by defining an access control list with the ACCESS attribute.
Access control lists specify who can access an object and what authorities they have.
The authorities assigned to a disk file or subvolume—READ, WRITE, EXECUTE,
PURGE, CREATE, and OWNER—indicate the functions a user can perform on that
object.
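
The following Python model is an added illustration, not code from the Safeguard software or from this guide. It shows an object leaving Guardian control once a protection record exists, access then being decided by the access control list, and each attempt being recorded for audit. The class names, the `GROUP.*` entry form, the union of user and group entries, the owner-only change rule, and the permissive Guardian callback are assumptions of the model, and the user and file names are constructed.

```python
from dataclasses import dataclass, field

# Authorities the guide lists for disk files and subvolumes.
AUTHORITIES = {"READ", "WRITE", "EXECUTE", "PURGE", "CREATE", "OWNER"}

@dataclass
class ProtectionRecord:
    """Simplified stand-in for an authorization record; only its owner may change the ACL."""
    owner: str
    acl: dict = field(default_factory=dict)  # "GROUP.USER" or "GROUP.*" -> set of authorities

    def grant(self, actor, subject, *authorities):
        if actor.upper() != self.owner.upper():
            raise PermissionError(f"{actor} does not own this record")
        if set(authorities) - AUTHORITIES:
            raise ValueError(f"unknown authorities: {sorted(set(authorities) - AUTHORITIES)}")
        self.acl.setdefault(subject.upper(), set()).update(authorities)

class ObjectDatabase:
    """Objects with a record are decided by their ACL; all others fall back to Guardian."""
    def __init__(self, guardian_check):
        self.records, self.audit_log = {}, []
        self.guardian_check = guardian_check  # assumed callback standing in for Guardian security

    def add(self, name, record):
        self.records[name.upper()] = record

    def check(self, user, name, authority):
        user, name = user.upper(), name.upper()
        record = self.records.get(name)
        if record is None:
            allowed, source = bool(self.guardian_check(user, name, authority)), "GUARDIAN"
        else:
            group = user.split(".")[0]
            held = record.acl.get(user, set()) | record.acl.get(group + ".*", set())
            allowed, source = authority in held, "SAFEGUARD"
        self.audit_log.append((user, name, authority, source, allowed))  # record every attempt
        return allowed

def demo():
    db = ObjectDatabase(guardian_check=lambda user, name, authority: True)  # constructed, permissive
    report = "$DATA.SALES.REPORT"  # constructed object name
    before = db.check("ADMIN.JOE", report, "READ")  # no record yet: Guardian decides
    record = ProtectionRecord(owner="SALES.ANN")
    record.grant("SALES.ANN", "SALES.ANN", "READ", "WRITE", "PURGE", "OWNER")
    record.grant("SALES.ANN", "SALES.*", "READ")
    db.add(report, record)
    after = db.check("ADMIN.JOE", report, "READ")  # record exists and JOE is not on the ACL
    return before, after, db.check("SALES.BOB", report, "READ"), db.check("SALES.BOB", report, "WRITE")
```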