Open System Services Management and Operations Guide (G06.30+, H06.08+, J06.03+)

ManualsBrandsHP ManualsServerHP NonStop G-Series

211

212

213

214

215

216

217

218

219

220

Licensing the OSS Monitor to the Super Group

The OSS Monitor contains privileged procedures but is not a licensed program. If anyone other

than the super ID (255,255 in the Guardian environment, 65535 in the OSS environment) attempts

to start it, the TACL error message

Unlicensed privileged program

is issued.

HP strongly suggests that you do not license the OSS Monitor. In most cases, the only user of the

OSS Monitor should be the system administrator (or other authorized person).

However, in situations where several users are required to have the authority to start or restart

OSSMON, it might be advisable to license the OSS Monitor to members of the super group.

This method is preferable to allowing many users to access the super ID logon. The process for

licensing the OSS Monitor is:

1. At a TACL prompt, set the volume to $SYSTEM.SYSnn, where nn indicates the current system

subvolume.

2. Enter the following commands:

FUP LICENSE OSSMON FUP SECURE OSSMON, "N-G-", PROGID

This procedure allows anyone in the super group to start OSSMON but also allows OSSMON to

run under the super ID. In this way, OSSMON can start the other servers that must run under the

super ID.

For more details on SCF security issues, see the section that describes configuring and managing

generic processes in the Storage Subsystem Configuration and Management Manual.

Configuring Expand Users

By default, a new user is configured without access to other NonStop nodes through the Expand

product. This default configuration makes all files that would be available through the OSS /E

directory inaccessible to OSS users other than the user logged in with the super ID.

To configure a user for access to files in /E:

• Specify the REMOTEPASSWORD attribute in the Safeguard SAFECOM ADD USER, ALTER

USER, ADD ALIAS, or ALTER ALIAS command.

• Provide a remote password for each remote node on which you want to allow that user to

have file access.

• Make sure that the user name on a remote node has the same user ID value as that associated

with the user name on your local node. For example, if BOOKS.DONL has the user ID 1,2

on your local node, BOOKS.DONL must have the user ID 1,2 on each remote node on which

OSS files should be visible to that user.

For a user ID, you can specify a remote password in the local system’s authentication records only,

such that access is possible from your local node to the remote node but not vice versa. For an

alias, you must create a Safeguard user authentication record containing remote passwords on

both the local and remote nodes.

For a more detailed description of REMOTEPASSWORD configuration, see the Safeguard

Administrator’s Manual.

Configuring FTP Users

If an FTP server user requests that his or her user definition be configured for initial access to the

Guardian environment:

1. Leave that user’s definition with the default null value for its OSS initial working directory.

2. Use the TACLCSTM file method to assign an OSS initial working directory for indirect Telserv

access (see “Assigning an Initial Working Directory Using a TACLCSTM File” (page 208)).

Hints and Suggestions 213