Open System Services Management and Operations Guide (G06.30+, H06.08+, J06.03+)

The initial working directory for an anonymous FTP user should have OSS file security that is
appropriate for that user, who accesses the directory as a type “other” user.
A read-only anonymous user would have the OSS file security for the directory set to
drwxrwxr-x.
A write-only anonymous user would have the OSS file security for the directory set to
drwxrwx-wx.
Guardian or OSS environment access by any user can be disabled by adding the appropriate
user name or alias to the FTPUSERS file in $SYSTEM.ZTCPIP. Allowing anonymous user access
means omitting the corresponding user name or alias from the FTPUSERS file.
See the Safeguard Administrator’s Manual, the Safeguard Reference Manual, and the Security
Management Guide for additional security considerations. See the TCP/IP Applications and Utilities
User Guide for additional information and recommendations about anonymous user FTP access.
See the appropriate manual for information about the corresponding concepts and facilities of a
third-party product.
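As an added example (not part of this guide), the following POSIX shell functions check the type “other” permission bits of a directory against the two directory modes given above for anonymous FTP users. The function names classify_other_access and audit_anon_dir are hypothetical, and the script assumes only the standard ls, cut, and awk utilities.

```shell
#!/bin/sh
# Added example, not from the guide. Function names are hypothetical.

# classify_other_access MODE
# MODE is an ls -l style mode string such as drwxrwxr-x.
# Prints the access that the "other" class has to the directory.
classify_other_access() {
    case $1 in
        d?????????*) ;;
        *) echo "not-a-directory"; return 1 ;;
    esac
    # Characters 8-10 are the "other" class; a trailing ACL marker is ignored.
    other=$(printf '%s' "$1" | cut -c8-10)
    case $other in
        r-[xt]) echo "read-only" ;;
        -w[xt]) echo "write-only" ;;
        rw[xt]) echo "read-write" ;;
        ---)    echo "no-access" ;;
        *)      echo "unexpected:$other" ;;
    esac
}

# audit_anon_dir DIR WANT
# Returns 0 when the "other" access of DIR equals WANT (read-only or
# write-only), 1 when it differs, 2 when DIR cannot be checked.
audit_anon_dir() {
    [ -d "$1" ] || { echo "$1: not a directory" >&2; return 2; }
    mode=$(ls -ld "$1" | awk '{print $1}')
    got=$(classify_other_access "$mode") || return 2
    if [ "$got" = "$2" ]; then
        echo "OK    $1 $mode ($got)"
    else
        echo "FAIL  $1 $mode (other class is $got, expected $2)"
        return 1
    fi
}

# The two directory modes stated in the text above.
for m in drwxrwxr-x drwxrwx-wx; do
    printf '%s -> %s\n' "$m" "$(classify_other_access "$m")"
done
```

Call audit_anon_dir with the anonymous user's initial working directory and the intended access, for example from a periodic check, and treat a nonzero return as a configuration drift to investigate.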

Disallowing OSS Use by Specific Users

Some sites assign a nonexistent OSS pathname as the initial working directory to all user and alias
definitions that are not explicitly configured for OSS environment access. For example, they would
use a SAFECOM command such as:
ALTER USER scribes.donald, INITIAL-DIRECTORY /contact_site_admin
This definition prevents use of the Guardian environment default volume and subvolume as the
initial working directory. It also causes the OSH command to fail for that user, and the OSH
error message shows the user the suggested pathname.
Note that this approach to user and alias definitions can add significantly to logs of error messages
or of process failures.

Configuring Special Users

UNIX administrators traditionally reserve certain user names for special uses. The user name root
is almost universally used for the user who has super ID permissions (appropriate privileges for the
use of all restricted system facilities).
Consider configuring the super ID with the alias of root. That configuration provides behavior
consistent with most UNIX systems and might prevent confusion.
To configure the super ID with the alias root, you would enter an appropriate version of the
following SAFECOM commands:
ADD ALIAS root, 255,255, PASSWORD Doom1
ALTER ALIAS root, GUARDIAN DEFAULT SECURITY ----
ALTER ALIAS root, GUARDIAN DEFAULT VOLUME $SYSTEM.SYSTEM
ALTER ALIAS root, INITIAL-DIRECTORY /
The user name SUPER.SUPER is predefined in the security database as the user ID (255,255),
which is the super ID with appropriate privileges in the OSS environment.