Introduction to NonStop Operations Management
Security Management
Introduction to NonStop Operations Management–125507
• Authenticates the user by using smart cards or personal identification numbers (PINs).
• Decides what servers the user is entitled to use.
• Passes the personal ID when it calls the server.
• Resides on a diskless workstation. Diskless workstations can prevent information from being copied to a floppy disk and removed or from being left where someone might break into the workstation to access the hard disk. No sensitive data should be stored on the client workstation or on an unprotected workgroup server.
The server:
• Receives the personal ID.
• Decides whether it is open to all users or restricted to certain personal IDs or whether it needs stronger identification or verification.
OSS System Security
Security features relevant in the OSS environment primarily deal with directory and file
access. OSS users enter the OSS environment by entering the osh command from the
Guardian environment; many Guardian and Safeguard security features apply to the OSS
environment as well.
OSS File Security
Safeguard access-control lists cannot be used to protect OSS files. Access to OSS files is
controlled by OSS file permission codes. Each file and directory in the OSS environment
has associated with it a permission code that indicates the security applied to the file or
directory. Only the file owner or the super ID (255,255) can alter a file or directory’s
permission codes with OSS shell commands.
The permission code for a file or directory grants or denies read, write, and execution
permissions for each of three separate classes of users: the file owner, the file group, and
all others. Unlike Guardian files, there is no purge permission for OSS files.
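
What the absence of a purge permission means in practice, as an added example that is not part of the manual: it assumes OSS follows the standard POSIX rule that removing a file is governed by write and search permission on its parent directory, not by the file's own permission code. The helper names (`mode_string`, `class_perms`, `can_remove`, `is_sticky`) are hypothetical, and the script reads only the permission string printed by `ls -ld`.

```shell
#!/bin/sh
# Added example. Assumes POSIX semantics: unlinking a file needs write (w)
# and search (x) permission on the parent directory.

# mode_string PATH -> 10-character type/permission field from ls -ld,
# e.g. "-r--r--r--" or "drwxrwx---".
mode_string() {
    [ -e "$1" ] || return 1
    ls -ld -- "$1" | cut -c1-10
}

# class_perms PATH CLASS -> rwx triplet for the owner, group or other class.
class_perms() {
    m=$(mode_string "$1") || return 1
    case "$2" in
        owner) printf '%s\n' "$m" | cut -c2-4 ;;
        group) printf '%s\n' "$m" | cut -c5-7 ;;
        other) printf '%s\n' "$m" | cut -c8-10 ;;
        *) return 2 ;;
    esac
}

# is_sticky DIR -> success if the directory carries the sticky bit (t or T
# in the last position); where implemented, that bit restricts removal to
# the owner of the file or of the directory.
is_sticky() {
    case "$(class_perms "$1" other)" in
        ??[tT]) return 0 ;;
        *) return 1 ;;
    esac
}

# can_remove FILE -> space-separated user classes whose permissions on the
# PARENT DIRECTORY allow FILE to be removed. The file's own permission
# code is never consulted.
can_remove() {
    parent=$(dirname -- "$1")
    out=""
    for class in owner group other; do
        p=$(class_perms "$parent" "$class") || return 1
        case "$p" in
            ?w[xst]) out="${out:+$out }$class" ;;
        esac
    done
    printf '%s\n' "$out"
}
```

A file with permission code 444 in a directory with code 770 is reported as removable by the owner and group classes, so protecting a file from deletion means reviewing the directory's write permission as well as the file's.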
Interoperability With Safeguard Security
All system users, user aliases, and file-sharing groups are added and managed through
the Safeguard product. In addition, Safeguard volume-protection and process-protection
records can control who is authorized to create disk files on specific disk volumes and
use specific process names.
User Authentication Record
Some attributes in a Safeguard user authentication record, such as the user’s primary
group, initial working directory, initial program, and initial program type, apply
exclusively to the OSS environment,