Open System Services Management and Operations Guide (G06.30+, H06.08+, J06.03+)

ManualsBrandsHP ManualsServerHP NonStop G-Series

221

222

223

224

225

226

227

228

229

230

OSS Shell Commands Useful for Security Administration

This subsection covers the following topics:

• “Creating a Logon Session With the su Command” (page 226)

• “Displaying Your User Login Name” (page 226)

• “Changing Your User Group” (page 226)

NOTE:

• Restricted-access filesets deny the super ID special access privileges.

• The getfilepriv and setfilepriv commands can be used to list and to set file privileges

for executable files, user libraries, and ordinary DLLs.

For more information about restricted-access filesets and file privileges, see “Restricted-Access

Filesets” (page 228).

Creating a Logon Session With the su Command

The su command provides an alternative to login for accessing an OSS account. The su command

can change:

• The login name of the current shell (thus changing the user ID of the current shell)

• The password for the user ID of the current shell

• The login name of a new shell (thus changing the user ID from that of the current shell)

• The password for the user ID of a new shell

Security is enforced by requiring the user to complete a normal login procedure for the new login

name. The new user ID stays in force until the shell exits. The new password stays in force until it

is changed again.

For super ID users, the shell substitutes a # (number sign) for its usual prompt.

You can specify a login shell using /bin/sh with the appropriate environment variables. You can

also specify a string to be passed to the shell as a command to execute. See the osh(1) reference

page either online or in the Open System Services Shell and Utilities Reference Manual for a

discussion about using this option.

For more information about the su command, see the su(1) reference page either online or in

the Open System Services Shell and Utilities Reference Manual.

Displaying Your User Login Name

The logname utility writes to the standard output file the name you used to log in to the system.

You can use this utility after you have issued the su command and want to check your current user

ID.

For more information about the logname command, see the logname(1) reference page either

online or in the Open System Services Shell and Utilities Reference Manual.

Changing Your User Group

If you are logged in as the super ID, the newgrp command allows you to become a member of

any defined group. This ability can be a convenience when you are administering files in the OSS

file system.

Correct behavior of the newgrp command depends on whether you have a SHELL environment

variable defined for your current terminal session or your user ID has an INITIAL-PROGRAM attribute

defined for it. For more information about the newgrp command, see the newgrp(1) reference

page either online or in the Open System Services Shell and Utilities Reference Manual.

226 Managing Security