Open System Services Management and Operations Guide (G06.25+, H06.03+)

Managing Security
Open System Services Management and Operations Guide 527191-002
The OSS environment does not provide common UNIX default user names and user
IDs unless they are explicitly created by a site administrator. However, equivalent OSS
user names and user IDs do exist. For example, the privileges normally associated
with the UNIX user name root and the user ID of 0 exist for the OSS user ID (UID) of
65535 (the super ID), which is usually the user SUPER.SUPER.
The OSS environment is incompatible with the following UNIX user and group
conventions:
• The UNIX super ID has a UNIX UID of 0. The OSS user with an OSS user ID
  (scalar view of the user ID) of 0 is NULL.NULL by default.
• The UNIX super group has a UNIX GID of 0. The OSS group with an OSS
  group ID (group number from the structured view of the user ID) of 0 is NULL by
  default.
• Single UNIX user names such as root are always login names. The OSS user
  name is the complete NonStop operating system user name and group name pair
  (for example, USER.FREDA) unless an alias has been created for the underlying
  user ID (for example, when freda is an alias of the user ID for USER.FREDA).
The following OSS environment conventions are equivalent to UNIX user and group
conventions:
• The super ID login name, with an OSS user ID (scalar view of the user ID) of
  65535, is the same as the UNIX user name root with a UNIX UID of 0.
• The super group, with an OSS group ID (group number from the structured view of
  the user ID) of 255, is the same as the UNIX group name wheel with a UNIX GID
  of 0.
• Using root as an alias of the OSS user ID 65535 (which usually has the login
  name SUPER.SUPER) is the same as using root for the UNIX user name of the
  super ID.
• Using wheel as an alias for the OSS group ID 255 (the specially privileged super
  group, usually with the group name SUPER) is the same as using wheel for the
  UNIX group name of the trusted administrator group.
OSS user and group administration occurs through tools in the Guardian environment,
such as the Safeguard command interpreter (SAFECOM) program, or through
third-party software.
There is only one situation where a site should have more than one user name with the
same user ID: when there are multiple administrators of the same group (for example,
news). Each user name with the same user ID must have its own unique password so
that login can be properly audited.
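
An added example (not part of the original guide): a Python audit over a constructed list of user names and aliases with their scalar OSS user IDs, flagging the cases this section describes. The function names and the sample data are hypothetical, and the code assumes the scalar user ID equals group number * 256 + member number, which agrees with the guide's values 65535 and 0.

```python
from collections import defaultdict

SUPER_UID = 65535    # OSS super ID (usually SUPER.SUPER), per the guide
SUPER_GROUP = 255    # OSS super group (usually SUPER), per the guide


def structured(uid):
    """Split a scalar OSS UID into (group number, member number).

    Assumption: scalar UID = group * 256 + member, which matches the
    guide's values (65535 -> 255,255 and 0 -> 0,0).
    """
    if not 0 <= uid <= SUPER_UID:
        raise ValueError(f"UID out of range: {uid}")
    return divmod(uid, 256)


def audit(entries):
    """Return (uid, names, finding) tuples, ordered by UID, for review."""
    names_by_uid = defaultdict(list)
    for name, uid in entries:
        names_by_uid[uid].append(name)
    findings = []
    for uid, names in sorted(names_by_uid.items()):
        group, _member = structured(uid)
        if uid == SUPER_UID:
            findings.append((uid, names, "super ID: root-equivalent privileges"))
        elif group == SUPER_GROUP:
            findings.append((uid, names, "member of super group 255"))
        elif uid == 0:
            findings.append((uid, names, "UID 0 is NULL.NULL by default, not root"))
        if len(names) > 1:
            findings.append((uid, names, "shared UID: each name needs its own password"))
    return findings


# Constructed sample data: (user name or alias, scalar UID). Not from a real system.
SAMPLE = [
    ("SUPER.SUPER", 65535), ("root", 65535),
    ("SUPER.OPER", 255 * 256 + 10),
    ("NULL.NULL", 0),
    ("USER.FREDA", 8 * 256 + 3), ("freda", 8 * 256 + 3),
    ("NEWS.ADMIN", 12 * 256 + 1), ("news1", 12 * 256 + 1), ("news2", 12 * 256 + 1),
]

if __name__ == "__main__":
    for uid, names, finding in audit(SAMPLE):
        print(f"{uid:>5} {structured(uid)} {', '.join(names)}: {finding}")
```

A ported UNIX check such as "UID equals 0 means root" would match only the NULL.NULL entry here and miss every name mapped to 65535.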
Components of OSS Security Management
Figure 8-1 illustrates the major components and interfaces of OSS security
management.