Open System Services Management and Operations Guide (G06.30+, H06.08+, J06.03+)

ManualsBrandsHP ManualsServerHP NonStop G-Series

271

272

273

274

275

276

277

278

279

280

DescriptionValue

(255, nnn), but is not the super ID (255, 255) or a member of the Safeguard

SECURITY-OSS-ADMINISTRATOR (SOA) group. See also “Considerations” (page 276).

SEEPPROTECTED { ON | OFF }

specifies whether the fileset has OSS SEEP protection set or not.

Specifies that the fileset is OSS SEEP-protected and OSS SEEP needs to be consulted for

file operations under this fileset that require access authorization. Only a member of both

the SOA group and Super group can change the setting of this attribute.

OFF

Specifies that the fileset is not OSS SEEP-protected.

The default value is OFF.

Considerations

• The ALTER FILESET command can be used only by super-group users (255,nnn). Additionally,

to alter the RESTRICTEDACCESS or the AUDITENABLED attribute of a restricted-access fileset,

you must be logged on to the local system as a user ID that is a member of the Safeguard

SECURITY-PRV-ADMINISTRATOR (SPA) security group and a member of the super group (255,

nnn), but is not the super ID (255, 255) or a member of the Safeguard

SECURITY-OSS-ADMINISTRATOR (SOA) group.

See also the considerations for the ADD FILESET command.

• The RESTRICTEDACCESS attribute determines whether this fileset is a restricted-access fileset:

A fileset with its RESTRICTEDACCESS attribute set to DISABLED is an unrestricted fileset.

Unrestricted Version 3 catalog filesets on systems running J06.11 or later J-series RVUs

◦

or H06.22 or later H-series RVUs are identical to Version 3 catalog filesets on systems

running earlier RVUs. For these filesets, the super ID has appropriate privileges to perform

privileged operations on files it does not own. To use the ADD FILESET command to add

a fileset with a RESTRICTEDACCESS attribute of DISABLED, you must be a member of the

super-group (255,nnn). The RESTRICTEDACCESS fileset attribute for the root fileset is

required to be DISABLED.

◦ A fileset with its RESTRICTEDACCESS attribute set to ENABLED or LOCAL is a

restricted-access fileset. ENABLED specifies that the fileset is allowed to be accessed

remotely only by NonStop systems with restricted access fileset support. LOCAL specifies

that the fileset is allowed to be accessed remotely by NonStop systems with or without

support for restricted-access filesets. To set the RESTRICTEDACCESS attribute to ENABLED

or LOCAL, you must be logged on to the local system as a user ID that is a member of

the Safeguard SECURITY-PRV-ADMINISTRATOR (SPA) security group and a member of

the super group (255, nnn), but is not the super ID (255, 255) or a member of the

Safeguard SECURITY-OSS-ADMINISTRATOR (SOA) group.

◦ NonStop systems without support for restricted-access filesets have a lower level of

protection against unauthorized access by super ID to restricted-access filesets because

they have no support for the OSS file privileges attribute. Therefore, LOCAL is intended

to be used as a temporary setting until all remote NonStop systems permitted to access

the fileset are upgraded to RVUs that include support for restricted-access filesets.

◦ The setting or modification of the RESTRICTEDACCESS or the AUDITENABLED fileset

attribute is unconditionally audited and generates an EMS event.

◦ To alter the AUDITENABLED or RESTRICTEDACCESS attributes of a restricted-access fileset,

you must be logged on to the local system as a user ID that is a member of the Safeguard

276 Open System Services Monitor