Introduction to NonStop Operations Management
Security Management
Introduction to NonStop Operations Management–125507
Special User IDs
The purpose, use, and dangers of the super ID (255,255) are fully described in the
Security Management Guide.
The Super-Group User
Super-group users (255,n) are operators who perform system and network operations
tasks such as controlling the status of peripherals and other system components.
Super-group users can execute potentially destructive actions, such as:
• Starting and stopping devices
• Reloading processor modules
• Setting the current date and time of day for the system
• Altering bus availability states (hardware paths)
• Configuring the Safeguard product
The Group Manager
The group manager (n,255) helps users control access to their groups. Group managers
(n,255) can (unless restricted by Safeguard settings):
• Log on as any other group member without knowing that member’s password
  (which means the group manager [n,255] has access to the member’s files unless the
  Safeguard product is used to restrict access)
• Add members to the group
• Delete members from the group
• Manage the Safeguard records for group members
Handling Changes in a User’s Role
When a person who has access to a special user ID changes roles, especially when
leaving the organization or group, change the password or delete the user ID. Also
consider these points:
• The privileged user might have had access to other people’s passwords (if those
  passwords were stored unencrypted or encrypted by a reversible method). You might
  choose to require the invalidation of all passwords to which the person had access.
• In high-security groups, you might also want to require that all members of the
  group change their passwords when another member leaves the group.
• The privileged user might be aware of holes in the security policy or the security
  practices that would allow the user to gain access to the system after changing roles.
  Consider reviewing system security immediately after the person changes roles to
  ensure that your procedures are intact and working properly.
Note. In the Open System Services (OSS) environment, the super ID has the user ID 65535
and has the set of special permissions called appropriate privileges. The Guardian user ID
(255,255) is the same user ID as the OSS user ID 65535.
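
As an aid to the review recommended under Handling Changes in a User’s Role, the following added example (not part of the original manual) sorts a user inventory into the special ID classes described above and reports the OSS user ID for each. The inventory layout and the function names are assumptions made for this example, and the mapping group × 256 + member generalizes beyond the single case (255,255) = 65535 that the note states.

```python
import re

# Constructed sample inventory: "GROUP.MEMBER  group,member" per line.
# This layout is an assumption for the example, not Safeguard or TACL output.
SAMPLE = """\
SUPER.SUPER     255,255
SUPER.OPER1     255,10
PAYROLL.MANAGER 12,255
PAYROLL.ALICE   12,4
NULL.NULL       0,0
"""

LINE = re.compile(r"^(\S+)\s+(\d{1,3}),(\d{1,3})$")

def classify(group, member):
    """Return the special-ID class described in the text, or 'ordinary'."""
    if (group, member) == (255, 255):
        return "super ID"
    if group == 255:
        return "super-group user"
    if member == 255:
        return "group manager"
    return "ordinary"

def oss_uid(group, member):
    """Assumed general mapping; the page states only (255,255) -> 65535."""
    return group * 256 + member

def audit(text):
    """Parse the inventory and return (name, class, OSS uid) for special IDs."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = LINE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: unparseable entry {raw!r}")
        group, member = int(m.group(2)), int(m.group(3))
        if group > 255 or member > 255:
            raise ValueError(f"line {lineno}: group and member must be 0-255")
        kind = classify(group, member)
        if kind != "ordinary":
            findings.append((m.group(1), kind, oss_uid(group, member)))
    return findings

if __name__ == "__main__":
    for name, kind, uid in audit(SAMPLE):
        print(f"{name:<16} {kind:<17} OSS uid {uid}")
```

Every ID the audit returns is one whose password should be changed, or whose user ID should be deleted, when its holder changes roles.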