Manualshelf

BackBox H4.00 User Manual

ManualsBrandsHP ManualsServerHP Integrity NonStop J-Series
41424344454647484950
Configuration
48 BackBox H4.00 User Manual
In some enterprise contexts, the regular Guardian security pattern is not directly
applicable; especially when operators cannot be given a Guardian user-id in the
SUPER group.
Then giving the PROGID attribute to BBSV can be a bypass; if BBSV is owned by a
SUPER group member, it will start as if logged-in the SUPER group.
By default, the result of the PROGID attribute on interactive processes running for
the GUI will be overridden by the Sign on initiated by the GUI.
If PROGID attribute must apply to these interactive processes, a special item must
be reset in the BackPak Domain configuration in order to verify the Guardian
user-id/password but not execute the Guardian sign on procedure.
To give PROGID to BBSV:
1. Ensure BBSV is owned by a member of the SUPER group, not SUPER.SUPER
2. Give to BBSV the appropriate security settings and PROGID it
Ex: FUP SECURE BBSV, “NCNC”, PROGID
3. Sign-on the BackPak GUI with SUPER.SUPER or the owner of the BBSV file, and
modify the configuration, at the Domain page, to uncheck this check-box:
“Run interactive processes under the sign on user-ID
Notes:
This actually authorizes all users defined on the NonStop system to operate
with BackPak.
To limit this wide access, the page updating the domain configuration force a real
Sign on before applying the modification. This mean that the user-ID that modifies
the configuration must be authorized in the NonStop operating system to update all
data files: BBSVCFG, BBSVCFGO, VOLUME*, OPER, STATE.
In a way, the “Run interactive processes under the sign on user-ID” flag is always
considered checked for the Configuration update page.
Once “Run interactive processes under the sign on user-ID” is set to false, the
Domain configuration must be modified through the GUI only.
Modifications outside the GUI are effective, but the special setting “Run interactive
processes …” is disabled, and full logon is executed for the GUI requests. The
following message is also issued:
W3391 BBSV was running SUPER.SUPER. Full sign on for user <login user id>
executed even if 'Run interactive processes under sign on user ID' is un-checked.
If “Run interactive processes ” is set to false but BBSV is not PROGID yet,
BBSV will run under SUPER.SUPER: these conditions will also force a full login
for GUI requests and generate the message W3391 above.