Open System Services Management and Operations Guide (G06.25+, H06.03+)
Managing Security
Open System Services Management and Operations Guide—527191-002
8-20
Hints and Suggestions
This method is preferable to allowing many users to access the super ID logon. The
process for licensing the OSS Monitor is:
1. At a TACL prompt, set the volume to $SYSTEM.SYSnn, where nn indicates the
current system subvolume.
2. Enter the following commands:
FUP LICENSE OSSMON
FUP SECURE OSSMON, "N-G-", PROGID
This procedure allows anyone in the super group to start OSSMON but also allows
OSSMON to run under the super ID. In this way, OSSMON can start the other servers
that must run under the super ID.
For more details on SCF security issues, see the section that describes configuring
and managing generic processes in the Storage Subsystem Configuration and
Management Manual.
Configuring Expand Users
By default, a new user is configured without access to other NonStop nodes through
the Expand product. This default configuration makes all files that would be available
through the OSS /E directory inaccessible to OSS users other than the user logged in
with the super ID.
To configure a user for access to files in /E:
•
Specify the REMOTEPASSWORD attribute in the Safeguard SAFECOM ADD
USER, ALTER USER, ADD ALIAS, or ALTER ALIAS command.
•
Provide a remote password for each remote node on which you want to allow that
user to have file access.
•
Make sure that the user name on a remote node has the same user ID value as
that associated with the user name on your local node. For example, if
BOOKS.DONL has the user ID 1,2 on your local node, BOOKS.DONL must have
the user ID 1,2 on each remote node on which OSS files should be visible to that
user.
For a user ID, you can specify a remote password in the local system’s authentication
records only, such that access is possible from your local node to the remote node but
not vice versa. For an alias, you must create a Safeguard user authentication record
containing remote passwords on both the local and remote nodes.
For a more detailed description of REMOTEPASSWORD configuration, see the
Safeguard Administrator’s Manual.