RDF/IMP and IMPX System Management Manual (RDF 1.4+)

ManualsBrandsHP ManualsServerHP NonStop G-Series

Installing and Configuring RDF

HP NonStop RDF/IMP and IMPX System Management Manual—524388-001

3-12

Security Guidelines

The following summarizes the reasons for the various security requirements of each

RDF program:

•

RDFCHEK. The RDFCHEK program opens the database files in privileged mode

and must be licensed with FUP or by running the RDFINST macro. RDFCHEK can

be owned by any user ID.

•

RDFCOM. The RDFCOM program communicates with the TMP in privileged

mode and must be licensed with FUP or by running the RDFINST macro.

RDFCOM can be owned by any user ID; however, it must be run by a member of

the super-user group (user ID 255,nnn) to change the running state of RDF.

•

RDFEXTO. The RDF extractor program communicates with the TMP in privileged

mode and must be licensed with FUP or by running the RDFINST macro.

RDFEXTO can be owned by any user ID.

•

RDFMONO. The RDF monitor program communicates with the TMP in privileged

mode and must be licensed with FUP or by running the RDFINST macro.

RDFMONO can be owned by any user ID.

•

RDFNETO. The RDFNETO program opens and writes to the network

synchronization file on each of the primary systems participating in the RDF

network. RDFNETO can be owned by any user ID.

•

RDFRCVO. The RDF receiver program opens the image files in privileged mode

and must be licensed with FUP or by running the RDFINST macro. RDFRCVO can

be owned by any user ID.

•

RDFPRGO. The RDF purger program purges image files in privileged mode and

must be licensed with FUP or by running the RDFINST macro. RDFPRGO can be

owned by any user ID.

•

RDFSCAN. The RDFSCAN program contains no privileged calls or privileged

code and need not be licensed. RDFSCAN can be owned and run by any user ID.

•

RDFSNOOP. The RDFSNOOP program opens the image files in privileged mode

and must be licensed with FUP or by running the RDFINST macro. RDFSNOOP

can be owned by any user ID. RDFSNOOP must be run by a member of the super-

user group (user ID 255,nnn) to read the image files.

•

RDFUPDO. RDF updater programs open image files in privileged mode and must

be licensed with FUP or by running the RDFINST macro. RDFUPDO also must be

able to open database files for protected write access. When querying the backup

database files, users should always open the files for shared read access.

Note. The RDFCHEK utility tries to get protected access for the files being compared, and

if the utility cannot get this access because someone else has the file open, RDFCHEK

opens the file read only.