Open System Services Porting Guide (G06.29+, H06.06+, J06.03+)
OSS processes have a full set of Guardian attributes, typically associated with Guardian processes.
Guardian processes have some OSS attributes; OSS processes have an additional set of attributes
specific to OSS that are not associated with Guardian processes. A small set of OSS
process-management functions can access Guardian processes.
You can create OSS processes with the fork() function and run programs with the exec set of
functions. The attributes of the parent process are propagated to the child process, and the child
process has an OSS process ID that uniquely identifies it. An OSS process is a member of a process
group and can participate in a job control session.
An OSS process can send signals to and receive signals from other OSS processes. You can query
and modify the process environment using OSS functions such as getpid() and putenv().
OSS processes are notified with the SIGCHLD signal when a child process terminates and
can use the wait() and waitpid() functions. More details on the characteristics of OSS and
Guardian processes and on interoperability can be found in “Process Interoperability” (page 74).
Security Model
A common security model is implemented across the OSS and Guardian environments. An
object-oriented access control mechanism is used in which the attributes of the object, rather than
the function used to access the object, determine who can access the object; the security model of
the target object applies. With this security model, the Guardian access rules are used to access
Guardian objects, and the OSS access rules are used to access OSS objects. For OSS objects
(files, processes), the security mechanism used is identical to that used in other UNIX environments.
Security discussions related to accessing objects within the OSS and Guardian environments follow.
Process-Identity Attributes
Process-identity attributes are stored in the process control block for each process. These are used
to identify the user, the primary group to which the user belongs, and the supplementary groups
to which the user belongs. The process-identity attributes are used to determine which rights a user
has as the owner of the process.
Process-identity attributes relevant in the OSS and Guardian environments are:
• Authentication type
• Effective user ID (EUID)
• Effective group ID (EGID)
• Group list
• Logon name
• Default file security
Other process-identity attributes that are mostly useful in the OSS environment are:
• Real user ID (RUID)
• Real group ID (RGID)
• Saved-set user ID (SSUID)
• Saved-set group ID (SSGID)
OSS functions such as getpwnam(), getuid(), and so on, can be used to access information
about the user, alias, group, and other relevant process-identity attributes.
OSS functions that partially switch process identity, such as seteuid(), setegid(), and so on,
do not change the default file security of a process. To set the default file security of a
process, applications must use PROCESS_SETINFO_ with item code 41.
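The following is an added example, not code from this guide: it reads the UNIX-style process-identity attributes listed above and performs a verified partial identity switch with setegid() and seteuid(), then switches back. The names proc_identity, identity_snapshot, ids_match_real, and run_as_real_user are hypothetical, and the code assumes standard POSIX behavior for these calls; it does not touch the default file security, which the text says requires PROCESS_SETINFO_.

```c
/* Added example; assumes POSIX identity calls behave as on UNIX. */
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* UNIX-style process-identity attributes named in the text. */
struct proc_identity {
    uid_t ruid, euid;
    gid_t rgid, egid;
    int ngroups;                 /* entries in the group list */
};

void identity_snapshot(struct proc_identity *id)
{
    id->ruid = getuid();  id->euid = geteuid();
    id->rgid = getgid();  id->egid = getegid();
    id->ngroups = getgroups(0, NULL);   /* size 0 returns the count only */
}

/* Hypothetical work item: 1 if effective IDs equal real IDs, else 0. */
int ids_match_real(void *unused)
{
    (void)unused;
    return geteuid() == getuid() && getegid() == getgid();
}

/* Run fn(arg) with EUID/EGID set to RUID/RGID, then switch back.
 * Returns fn's result, or -1 if a switch fails or does not verify.
 * The group list is left as it was: a partial identity switch. */
int run_as_real_user(int (*fn)(void *), void *arg)
{
    uid_t old_euid = geteuid();
    gid_t old_egid = getegid();
    int rc = -1;
    if (setegid(getgid()) != 0)         /* switch group, then user */
        return -1;
    if (seteuid(getuid()) == 0 && ids_match_real(NULL))
        rc = fn(arg);                   /* only runs if the switch verified */
    if (seteuid(old_euid) != 0 || setegid(old_egid) != 0 ||
        geteuid() != old_euid || getegid() != old_egid)
        return -1;                      /* could not return to prior identity */
    return rc;
}

int main(void)
{
    printf("ran as real user: %d\n", run_as_real_user(ids_match_real, NULL));
    return 0;
}
```

Because the supplementary group list is not changed by this switch, access granted through group-list membership still applies while fn() runs.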
Differences Between OSS and UNIX Environments 113