Open System Services Management and Operations Guide (G06.30+, H06.08+, J06.03+)
Beginning with the J06.15 and H06.26 RVUs, an OSS Security Event-Exit Process (SEEP) is supported
and provides additional file-access authorization. For details of OSS SEEP, see “Using an OSS
Security Event-Exit Process (SEEP)” (page 231).
Certain differences might require you to code the security-management portions of a shell script
in a manner specific to the OSS environment. If you are experienced in UNIX security administration,
review the following topics before proceeding with the rest of this section:
• “Administrative Files and Directories” (page 217)
• “Administrative Tools” (page 219)
• “User and Group Security in the OSS Environment” (page 220)
• “Components of OSS Security Management” (page 221)
Administrative Files and Directories
Most of the directories and files with security considerations on UNIX systems are absent from the
OSS environment. For example:
• OSS user and group administration does not use any of the following files or directories in
  the /etc directory, which can be the target of UNIX security intruders:
    groups
    passwd
    security
    shadow
• C functions provide access to information needed from the security database. However, the
  database files themselves are not available in the OSS file system.
• OSS administration of device access does not use files in the /dev directory that are available
  on some UNIX systems, such as:
    console
    cua*
    fd
    kmem or mem
    modem
    ttyda or ttydfa
    ttys0 through ttys9
  These files also can be the target of UNIX security intruders.
• The OSS environment does not use the following files and directories sometimes found on
  UNIX systems:
  ◦ In /etc:
      aliases
      dfs/dfstab
      exports
      ftpusers
      hosts.lpd
      mail/aliases or sendmail/aliases
      rc, rc*, or rc?.d
      shells
      syslog.conf
      system
      ttys
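The following added example (not part of the guide) is a portability check for UNIX security scripts that may need recoding for OSS: it scans a shell script for references to the /etc and /dev files this page lists as absent. The function names, the regular expression, and the sample script are constructed for illustration, and the name list covers only the files shown on this page.

```shell
#!/bin/sh
# Added example (not from the guide): flag references in a UNIX shell script
# to the /etc and /dev files this page lists as absent from OSS.

# Names exactly as listed on this page.
ETC_NAMES='groups|passwd|security|shadow|aliases|dfs/dfstab|exports|ftpusers'
ETC_NAMES="$ETC_NAMES"'|hosts\.lpd|mail/aliases|sendmail/aliases|shells'
ETC_NAMES="$ETC_NAMES"'|syslog\.conf|system|ttys'
DEV_NAMES='console|fd|kmem|mem|modem|ttyda|ttydfa|ttys[0-9]'
# A name must end here, so /etc/passwd.bak is not reported as /etc/passwd.
END='([^A-Za-z0-9_.-]|$)'
# rc, rc*, rc?.d and cua* are prefix matches.
ABSENT_RE="/etc/($ETC_NAMES)$END|/etc/rc|/dev/($DEV_NAMES)$END|/dev/cua"

# Print "line-number:text" for every non-comment line that names such a file.
oss_absent_refs() {
    grep -n -E "$ABSENT_RE" "$1" | grep -v -E '^[0-9]+:[[:space:]]*#' || true
}

# Number of offending lines in the script.
oss_absent_count() {
    oss_absent_refs "$1" | wc -l | tr -d ' '
}

# Constructed sample of a UNIX-style script, written to the path in $1.
write_sample() {
    cat > "$1" <<'EOF'
#!/bin/sh
# legacy check, reads /etc/passwd directly
grep "^$1:" /etc/passwd | cut -d: -f3
[ -r /etc/shadow ] && echo shadowed
echo "alert" > /dev/console
. /etc/rc.config
id -u "$1"
cat /etc/passwd.bak
EOF
}

# Usage: sh thisfile script...
for f in "$@"; do
    echo "== $f"
    oss_absent_refs "$f"
done
```

Each reported line marks a place where the script reads a file that OSS does not provide and must be recoded against the security database instead.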