Safeguard User's Guide (G06.24+, H06.03+)

Introduction to the Safeguard Subsystem
Safeguard User’s Guide, 422089-009
install the Safeguard software on a single node in your network, on a few nodes, or on
every node.

Components of the Safeguard Subsystem

The Safeguard subsystem consists of three major processes and several security
database files. The following Safeguard components reside on every system on which
the Safeguard software is installed:

- A subject database, which contains a user authentication record for every user and
  alias on the system
- Object databases, which contain object authorization records for every object
  under control of the Safeguard software
- SAFECOM, the Safeguard command interpreter, which allows you to communicate
  with the Safeguard subsystem
- SMON, the Security Monitor, which authorizes all attempts to access protected
  objects
- SMP, the Security Manager Process, which is responsible for managing all
  changes to the subject and object databases and for authenticating user logon
  attempts

Who Can Use the Safeguard Subsystem?

To use the Safeguard command interpreter, you must have EXECUTE authority for the
SAFECOM program. Your security administrator can limit this authority to certain users
by creating an access control list for the SAFECOM program file. This manual
assumes that you have execute authority for the SAFECOM program.

Initially, SAFECOM limits what certain classes of users can do. Normally, general users
can protect their own disk files, subvolumes, and processes with the Safeguard
software. General users can also manage the access control lists associated with their
disk files, subvolumes, and processes.

The security administrator can decide to limit or expand any user's authorities to suit
the company's security policy. In certain instances you might be given additional
authority. For example, your system administrator could add an object such as a printer
to the Safeguard database and then grant owner authority to you as a general user.
With owner authority, you can manage the access control list for that printer.