Open System Services Management and Operations Guide (G06.29+, H06.07+)

Open System Services Management and Operations Guide, 527191-005
8 Managing Security
This section covers:
Common and Unique Characteristics of OSS and UNIX Security on page 8-1
Managing Users and Groups on page 8-10
OSS Security Auditing on page 8-24
Protecting Your System on page 8-27
Common and Unique Characteristics of OSS and UNIX Security
Basic file security is the same for the OSS environment as on a UNIX system. Files are
accessed according to a file mode and access permissions, as described in the Open
System Services User’s Guide.
Version 3 OSS filesets on G06.29 and later G-series RVUs support access control lists
(ACLs), in addition to basic file security, for directories, regular files, FIFO special files,
and bound AF_UNIX sockets. OSS ACLs allow a process whose effective user ID
matches the file owner, the super ID, or a member of the Safeguard
SECURITY-OSS-ADMINISTRATOR security group to permit or deny access to a list of
specific users and groups.
OSS ACLs:
Support separate permissions for up to 146 additional users and groups.
Can contain up to 150 ACL entries.
Are based on the POSIX 1003.1e draft standard and the HP-UX implementation of
ACLs.
Are not supported by the OSS Network File System (NFS).
All OSS system calls that include pathnames are subject to the ACLs on any directory
or file in the path.
For a detailed description of OSS ACLs, including examples, see the acl(5)
reference page either online or in the Miscellaneous Topics section of the Open
System Services System Calls Reference Manual.
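The access decision described above, modeled as an added Python example (not HP code and not part of this guide). It follows the POSIX 1003.1e draft evaluation order on which OSS ACLs are based and does not model the super ID; the four base entries, the class entry acting as a mask, and all user IDs, group IDs, and pathnames are assumptions, and acl(5) remains the authority on OSS behavior.

```python
from dataclasses import dataclass, field

MAX_ENTRIES = 150      # limit stated in this guide
BASE_ENTRIES = 4       # assumed: owner, owning group, class (mask), other
R, W, X = 4, 2, 1

@dataclass
class Acl:
    owner: int
    group: int
    owner_perm: int
    group_perm: int
    other_perm: int
    mask: int = R | W | X                        # caps every entry except owner and other
    users: dict = field(default_factory=dict)    # uid -> perm, named user entries
    groups: dict = field(default_factory=dict)   # gid -> perm, named group entries

    def validate(self):
        total = BASE_ENTRIES + len(self.users) + len(self.groups)
        if total > MAX_ENTRIES:
            raise ValueError(f"{total} ACL entries exceeds the limit of {MAX_ENTRIES}")

def allowed(acl, uid, gids, want):
    """POSIX.1e draft order: owner, named user, group entries, other."""
    if uid == acl.owner:
        return (acl.owner_perm & want) == want
    if uid in acl.users:
        return (acl.users[uid] & acl.mask & want) == want
    matched = [acl.group_perm] if acl.group in gids else []
    matched += [perm for gid, perm in acl.groups.items() if gid in gids]
    if matched:  # a matching group entry is decisive; "other" is never consulted
        return any((perm & acl.mask & want) == want for perm in matched)
    return (acl.other_perm & want) == want

def path_allowed(tree, path, uid, gids, want):
    """Need search (x) on each directory in the path, then `want` on the target."""
    current = "/"
    for name in filter(None, path.split("/")):
        if not allowed(tree[current], uid, gids, X):
            return False
        current = current.rstrip("/") + "/" + name
    return allowed(tree[current], uid, gids, want)

# Constructed sample: uid 300 is denied by a named entry on /data, even though
# "other" has r-x there and the file itself is world-readable.
TREE = {
    "/": Acl(0, 0, 7, 5, 5),
    "/data": Acl(100, 20, 7, 5, 5, users={300: 0}),
    "/data/report": Acl(100, 20, 6, 4, 4),
}
```

With the sample tree, `path_allowed(TREE, "/data/report", 300, {50}, R)` is false because the named entry on the directory blocks the path walk, while an unlisted user with the same groups can read the file.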
Certain differences might require you to code the security-management portions of a
shell script in a manner specific to the OSS environment. If you are experienced in
UNIX security administration, review the following topics before proceeding with the
rest of this section:
Administrative Files and Directories on page 8-2
Administrative Tools on page 8-4
Users and Groups on page 8-6
Components of OSS Security Management on page 8-8