Open System Services Management and Operations Guide (G06.29+, H06.07+)

ManualsBrandsHP ManualsServerHP NonStop G-Series

241

242

243

244

245

246

247

248

249

250

Managing Security

Open System Services Management and Operations Guide—527191-005

8-12

How Users Gain Access to the OSS Environment

Both Telserv and the FTP server authenticate the user’s login information against the

user definitions configured through the Safeguard subsystem.

Telserv provides access in the following ways:

•

Indirectly, when the user selects the TACL service, logs in to the Guardian

environment from a TACL prompt, and then enters the OSH command. (See the

osh(1) reference page either online or in the Open System Services Shell and

Utilities Reference Manual.)

•

Directly, when the user logs in to a direct service that invokes the OSH command

to start an OSS shell.

•

Directly, when the user logs in to a direct service that uses the OSH command to

invoke any executable program correctly configured through the Safeguard

subsystem and the Telserv SCF product module.

The initial working directory for the user is determined by the way the user definition is

configured and by the Telserv service that the user selects.

The FTP server provides access in the following ways:

•

Directly to the Guardian environment, when either of the following is true:

No initial working directory is configured for the user of the FTP client.

An initial working directory with a name that begins with the characters /G/ is

configured for the user of the FTP client.

The FTP user must use an FTP client quote OSS command to gain access to the

OSS environment. (See the ftp(1) and ftpserver(7) reference pages either

online or in the Open System Services Shell and Utilities Reference Manual. The

use of the quote OSS command is also discussed in the TCP/IP Applications and

Utilities User Guide.)

•

Directly to the OSS environment, when an initial working directory in the OSS file

system is configured for the user of the FTP client. (The FTP user can use an FTP

client quote guardian command to gain access to the Guardian environment.)

•

Anonymously, providing direct access to either the OSS environment or the

Guardian environment. An anonymous FTP user cannot use an FTP client

Note. The EDIT file $SYSTEM.ZTCPIP.FTPUSERS can be used to disallow access to FTP by

valid users of other subsystems. When a user name appears in the FTPUSERS file, FTP

rejects access without authenticating the user definition. This control mechanism is similar to

that provided on a UNIX system by the /etc/ftpusers file.

When you configure a user, make sure that the FTPUSERS file does not conflict with your

intent. For example, access by the FTP user anonymous is disallowed if the Guardian user

NULL.FTP or the OSS user aliases anonymous or ftp are listed in the FTPUSERS file.

See the TCP/IP Applications and Utilities User Guide for more information about the use of

FTPUSERS.