Open System Services Management and Operations Guide (G06.30+, H06.08+, J06.03+)
8 Managing Users and Groups
This chapter provides the following user and user-group management concepts that are relevant
to the Open System Services (OSS) environment:
• “How Users Gain Access to the OSS Environment” (page 204)
• “User and User-Group Attributes” (page 205)
• “Assigning an Initial Working Directory” (page 206)
• “Assigning an Initial Program” (page 209)
Beginning with the J06.16 and H06.27 RVUs, a suite of user management utilities are provided
for creating, modifying, and deleting user accounts. These utilities are mainly intended for performing
user management from the OSS environment—similar to those on other Open Source systems,
such as Linux—and they provide a similar user interface. For details of these user management
utilities in the OSS environment, see “User Management Tools on OSS” (page 210).
Hints and suggestions for user and group management are provided in “Hints and Suggestions”
(page 212).
How Users Gain Access to the OSS Environment
A user gains access to the OSS environment through a server process. The most commonly used
server subsystems are Telserv and the file transfer protocol (FTP) server. Other servers, such as the
iTP WebServer httpd process, are beyond the scope of this guide.
Both Telserv and the FTP server authenticate the user’s login information against the user definitions
configured through the Safeguard subsystem.
NOTE: The EDIT file $SYSTEM.ZTCPIP.FTPUSERS can be used to disallow access to FTP by valid
users of other subsystems. When a user name appears in the FTPUSERS file, FTP rejects access
without authenticating the user definition. This control mechanism is similar to that provided on a
UNIX system by the /etc/ftpusers file.
When you configure a user, make sure that the FTPUSERS file does not conflict with your intent.
For example, access by the FTP user anonymous is disallowed if the Guardian user NULL.FTP or
the OSS user aliases anonymous or ftp are listed in the FTPUSERS file.
See the TCP/IP Applications and Utilities User Guide for more information about the use of
FTPUSERS.
Telserv provides access in the following ways:
• Indirectly, when the user selects the TACL service, logs in to the Guardian environment from
a TACL prompt, and then enters the OSH command. (See the osh(1) reference page either
online or in the Open System Services Shell and Utilities Reference Manual.)
• Directly, when the user logs in to a direct service that invokes the OSH command to start an
OSS shell.
• Directly, when the user logs in to a direct service that uses the OSH command to invoke any
executable program correctly configured through the Safeguard subsystem and the Telserv
SCF product module.
The initial working directory for the user is determined by the way the user definition is configured
and by the Telserv service that the user selects.
204 Managing Users and Groups