Open System Services Management and Operations Guide (G06.29+, H06.07+)
Managing Security
Open System Services Management and Operations Guide—527191-005
8-11
How Users Gain Access to the OSS Environment
A NonStop operating system user can have alternate user names, called aliases. Most
of the attributes of an alias can differ from those of its underlying user definition. You
create an alias with the SAFECOM ADD ALIAS command.
A Safeguard user group is either an administrative group or a file-sharing group. An
administrative group is used to manage user access; a file-sharing group is used to
manage file access.
A NonStop operating system user belongs to a primary group and can belong to more
than one file-sharing group. File-sharing groups other than the primary group are called
supplementary groups in POSIX terminology, although that term does not appear in
Safeguard manuals. All groups configured for the user make up the user’s group list.
By default, the primary group for a new user is the administrative group of the user.
The primary group should not be an administrative group and can be changed to any
other group in the user’s group list.
You should also configure an OSS user’s initial working directory when you configure
the user. You configure the user’s initial working directory with the SAFECOM ADD
USER, ALTER USER, ADD ALIAS, and ALTER ALIAS commands.
You cannot:
•
Move user or group membership definitions directly from a UNIX system into the
OSS environment. If you want to duplicate your UNIX system user and group
definitions, you must recreate them through the Safeguard subsystem.
•
Copy an /etc/group file to define user groups for the OSS environment. OSS
security processing does not use an /etc/group file.
•
Copy an /etc/passwd file to define users for the OSS environment. OSS security
processing does not use an /etc/passwd file.
•
Copy an /etc/ftpusers file to bar specific users from FTP access to the OSS
and Guardian file systems.
•
Use UNIX Network Information Service (NIS) “yellow pages” to define users for the
OSS environment. OSS security processing does not currently support NIS.
How Users Gain Access to the OSS Environment
A user gains access to the OSS environment through a server process. The most
commonly used server subsystems are Telserv and the file transfer protocol (FTP)
server. Other servers, such as the iTP WebServer httpd process, are beyond the
scope of this guide.