Open System Services Management and Operations Guide (G06.25+, H06.03+)
Managing Security
Open System Services Management and Operations Guide—527191-002
8-19
Hints and Suggestions
Assigning an Initial Program Using a TACLCSTM File
You can also assign an initial program to a user by either inserting the following entry
in the user’s TACLCSTM file or having the user enter the following at a TACL prompt:
RUN OSH -ls -prog pathname
where pathname is the pathname of an existing OSS program file to be used as the
initial program. The -ls specification causes execution behaviors appropriate for a
UNIX shell program.
When the user gains access to the OSS environment by logging in at a TACL prompt,
the OSH command in the TACLCSTM file ignores any default initial program assigned
in the user definition. Users can also temporarily change their initial programs in this
manner.
Using this method to assign an initial program might cause unexpected behavior by
OSS shell commands such as newgrp. HP does not recommend using this method.
See the osh(1) reference page either online or in the Open System Services Shell
and Utilities Reference Manual for additional information on using the OSH command
to launch programs other than the OSS shell.
Hints and Suggestions
The following subsections provide some suggestions for configuring users at your site:
•
Licensing the OSS Monitor to the Super Group on page 8-19
•
Configuring Expand Users on page 8-20
•
Configuring FTP Users on page 8-21
•
Allowing Anonymous FTP Use on page 8-21
•
Disallowing OSS Use by Specific Users on page 8-22
•
Configuring Special Users on page 8-23
Also refer to Utility File Security on page C-8.
Licensing the OSS Monitor to the Super Group
The OSS Monitor contains privileged procedures but is not a licensed program. If
anyone other than the super ID (255,255 in the Guardian environment, 65535 in the
OSS environment) attempts to start it, the TACL error message
Unlicensed privileged program
is issued.
HP strongly suggests that you do not license the OSS Monitor. In most cases, the only
user of the OSS Monitor should be the system administrator (or other authorized
person).
However, in situations where several users are required to have the authority to start or
restart OSSMON, it might be advisable to license the OSS Monitor to members of the
super group.