Open System Services Management and Operations Guide (G06.30+, H06.08+, J06.03+)

Many of these user and group names can provide mechanisms that intruders can use to compromise
UNIX system security or integrity.
The OSS environment does not provide common UNIX default user names and user IDs unless they
are explicitly created by a site administrator. However, equivalent OSS user names and user IDs
do exist. For example, the privileges normally associated with the UNIX user name root and the
user ID of 0 exist for the OSS user ID (UID) of 65535 (the super ID), which is usually the user
SUPER.SUPER.
The OSS environment is incompatible with the following UNIX user and group conventions:
• The UNIX super ID has a UNIX UID of 0. The OSS user with an OSS user ID (scalar view of
  the NonStop operating system user ID) of 0 is NULL.NULL by default.
• The UNIX super group has a UNIX GID of 0. The OSS group with an OSS group ID (group
  number from the structured view of the NonStop operating system user ID) of 0 is NULL by
  default.
• Single UNIX user names such as root are always login names. The OSS user name is the
  complete NonStop operating system user name and group name pair (for example,
  USER.FREDA) unless an alias has been created for the underlying user ID (for example, when
  freda is an alias of the user ID for USER.FREDA).
The following OSS environment conventions are equivalent to UNIX user and group conventions:
• The super ID login name, with an OSS user ID (scalar view of the NonStop operating system
  user ID) of 65535, is the same as the UNIX user name root with a UNIX UID of 0.
• The super group, with an OSS group ID (group number from the structured view of the NonStop
  operating system user ID) of 255, is the same as the UNIX group name wheel with a UNIX
  GID of 0.
• Using root as an alias of the OSS user ID 65535 (which usually has the login name
  SUPER.SUPER) is the same as using root for the UNIX user name of the super ID.
• Using wheel as an alias for the OSS group ID 255 (the specially privileged super group,
  usually with the group name SUPER) is the same as using wheel for the UNIX group name
  of the trusted administrator group.
OSS user and group administration occurs through:
• Tools in the Guardian environment, such as the Safeguard command interpreter program,
  SAFECOM
• User management tools on OSS (see “User Management Tools on OSS” (page 210))
• Third-party software
There is only one situation where a site should have more than one user name with the same user
ID: when there are multiple administrators of the same group (for example, news). Each user name
with the same user ID must have its own unique password so that login can be properly audited.
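
The ID conventions above matter when UNIX scripts are ported to OSS or when user lists are reviewed. The following shell sketch is an added example, not code from this guide: it applies the super ID test correctly for each platform and audits a user listing for super ID names, super group members, UID 0 entries, and user IDs shared by more than one name. The name:uid:gid listing format, the function names, and the sample accounts are constructed for illustration; the scalar calculation assumes the usual NonStop convention of group number * 256 + member number, which is consistent with the values 65535 and 0 given above.

```sh
#!/bin/sh
# Added example, not from the guide. Listing format and sample accounts are constructed.
SUPER_UID=65535   # OSS super ID (UNIX root equivalent)
SUPER_GID=255     # OSS super group (UNIX wheel equivalent)

# Scalar view of a structured group,member user ID: group * 256 + member.
scalar_uid() { echo $(( $1 * 256 + $2 )); }

# Super ID test for scripts ported from UNIX: $1 = UID, $2 = "oss" or "unix".
# A UNIX-style "UID equals 0" test matches NULL.NULL on OSS, not the super ID.
is_super_uid() {
    case "$2" in
        oss)  [ "$1" -eq "$SUPER_UID" ] ;;
        unix) [ "$1" -eq 0 ] ;;
        *)    return 2 ;;
    esac
}

# Constructed sample listing, one "name:uid:gid" record per line.
sample_listing() {
    cat <<'EOF'
SUPER.SUPER:65535:255
root:65535:255
SUPER.OPER:65281:255
NULL.NULL:0:0
USER.FREDA:25701:100
freda:25701:100
EOF
}

# Read name:uid:gid records on stdin and print one finding per line for review.
audit_users() {
    awk -F: -v su="$SUPER_UID" -v sg="$SUPER_GID" '
        NF != 3 { next }                       # skip malformed records
        { n[$2]++; names[$2] = (names[$2] == "" ? $1 : names[$2] "," $1) }
        $2 == su             { print "SUPER-ID " $1 }
        $2 != su && $3 == sg { print "SUPER-GROUP " $1 }
        $2 == 0              { print "UID0-NOT-ROOT " $1 }
        END { for (u in n) if (n[u] > 1) print "SHARED-UID " u " " names[u] }
    '
}

# Audit the constructed sample.
sample_listing | audit_users
```

A SHARED-UID finding is a prompt for review, not an error in itself: aliases and multiple administrators of one group legitimately share a user ID, provided each name has its own password.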
Components of OSS Security Management
Figure 21 (page 222) illustrates the major components and interfaces of OSS security management.